Legal

Terms of Service §

Version 2026.05.23-r4-DRAFT · Effective (pending lawyer review)

These Terms of Service (the "Terms") are a binding agreement between you and Trepic, Inc. ("Trepic," "we," "us," "our"), a Delaware corporation, and govern your access to and use of the websites at trepic.co, trepic.app, trepicstories.com, the email communications we send, and any related products, applications, APIs, content, and services (collectively, the "Services"). By accessing or using the Services, you agree to these Terms and to our Privacy Policy. If you do not agree, do not use the Services.

Please read § 14 (Dispute resolution) carefully. It contains a binding arbitration agreement and a class-action waiver that affect your legal rights. You have 30 days to opt out (§ 14.5).

1. What Trepic is

Trepic is a mindful-leisure travel platform. We help you plan trips with an AI itinerary planner ("Tria"), discover boutique stays and experiences through editorial content on trepicstories.com, and book hotels, flights, and activities through integrations with third-party suppliers. We are a travel agent and intermediary — when you book through Trepic, your travel contract is with the underlying supplier (the hotel, airline, or activity operator), and Trepic facilitates the booking and payment.

2. Eligibility and minors

2.1 Minimum age to book

You must be at least 18 years old to create a Trepic account, complete a booking, participate in the Trepic Credit loyalty program (§ 17), submit User Content, or otherwise transact through the Services. By creating an account or using the Services, you represent and warrant that (i) you are at least 18 years of age, (ii) you have the legal capacity to enter into a binding contract under the laws of your jurisdiction, and (iii) you are not barred from receiving services under U.S. or other applicable law. Trepic is not directed to children. We do not knowingly collect personal information from anyone under 13 (the U.S. Children's Online Privacy Protection Act, "COPPA," 15 U.S.C. §§ 6501–6506) or under 16 in the EEA, the UK, or Switzerland, and we do not knowingly permit any person under 18 to register an account, earn or redeem Trepic Credit, or transact for travel. If we learn that a person under the applicable age has created an account, we will close the account and delete the associated personal information as described in § 2.3 and in the Privacy Policy § 10.

2.2 Editorial reading

The editorial content on trepicstories.com is generally appropriate for readers aged 13 and older. We do not knowingly collect personal information from anyone under 13 (in line with the U.S. Children's Online Privacy Protection Act, "COPPA"), or from anyone under 16 in the European Economic Area, the United Kingdom, or Switzerland (in line with GDPR digital-consent thresholds). We do not target advertising to, profile, or build inferences about children under any circumstance.

2.3 Parental remedy

If you are a parent or legal guardian and believe a child under the applicable age threshold has provided personal information to Trepic, email privacy@trepic.co and we will delete the information and close any associated account promptly, typically within 30 days, subject to identity verification.

2.4 Minors in User Content

You may not upload, post, share, or transmit content depicting an identifiable minor (anyone under 18) unless you are the minor's parent or legal guardian and have given affirmative consent, or you have obtained verifiable consent from each minor's parent or legal guardian. Minors may not appear in User Content used for commercial promotion, brand-partner posts, paid placements, or affiliate-driven content without verified parental consent on file. You are responsible for compliance with the Children's Online Privacy and Safety Protection Act, GDPR-K, and analogous laws in your jurisdiction.

2.5 Zero tolerance for child sexual exploitation; NCMEC reporting

Trepic has zero tolerance for content or conduct that sexually exploits, abuses, endangers, grooms, traffics, or otherwise harms children. We use commercially reasonable child-safety detection (including, where applicable, perceptual-hash matching against known child-sexual-abuse-material ("CSAM") hash sets) on User Content surfaces, and we cooperate with law enforcement. Apparent child sexual exploitation is reported to the U.S. National Center for Missing & Exploited Children ("NCMEC") as required by 18 U.S.C. § 2258A, and to analogous authorities (such as the UK Internet Watch Foundation or the EU CSAM hotline network) where applicable. Accounts associated with such content or conduct are terminated permanently and referred to law enforcement.

3. Accounts and access

You are responsible for the accuracy of the information you provide (including traveler names, dates of birth, passport details, and contact information) and for keeping it current. Inaccurate information can cause bookings to be denied or non-refundable.

You are responsible for maintaining the confidentiality of your credentials and for all activity that occurs under them. Notify us promptly at security@trepic.co of any unauthorized access. You may close your account at any time through your account settings or by emailing support@trepic.co.

4. Acceptable use and Community Guidelines

4.1 Prohibited conduct

You agree not to:

• use the Services in violation of any law or regulation;
• impersonate any person or misrepresent your affiliation;
• submit false, misleading, or unlawful information in any form, including in bookings, reviews, ratings, or trip stories;
• scalp, resell, or speculatively book inventory you do not intend to use;
• attempt to reverse engineer, decompile, disassemble, or otherwise interfere with the Services or their security mechanisms;
• access the Services through automated means (bots, scrapers, crawlers, headless browsers, harvesters) except for well-behaved search-engine indexing per our robots.txt, or aggregate, harvest, or compile any portion of the Services without our prior written consent;
• bypass, disable, or attempt to circumvent any rate limit, CAPTCHA, paywall, geographic restriction, anti-fraud, anti-abuse, or other access-control or security measure;
• create accounts by automated means; create more than one account per person except as expressly authorized; share an account with another person; or buy, sell, rent, or transfer an account;
• frame, mirror, embed, or otherwise present any portion of the Services on another site or app without our prior written consent;
• train, fine-tune, distill, evaluate, develop, benchmark, or otherwise create any machine-learning model, dataset, or generative AI system using outputs from Tria, content of the Services, or scraped User Content, except as separately authorized in writing;
• introduce viruses, worms, trojans, ransomware, time-bombs, or other harmful or malicious code;
• harass, bully, threaten, defame, stalk, dox, or harm any other user or third party;
• use the Services to send unsolicited commercial messages, spam, MLM/pyramid solicitations, or chain communications;
• engage in fraud, payment fraud, friendly-fraud chargebacks, or coordinated inauthentic behavior;
• manipulate reviews, ratings, search rankings, or recommendation systems (including by submitting fake reviews, vote-farming, brigading, or paying for engagement);
• misrepresent AI-generated content (including Tria output) as human-authored where such misrepresentation would mislead a reasonable user;
• generate or disseminate synthetic media (deepfakes) of any real person, including any identifiable Trepic employee, supplier, or other user, without that person's affirmative consent;
• upload content that infringes intellectual-property rights or violates privacy or publicity rights;
• use the Services to facilitate the sale of firearms, explosives, regulated weapons, illegal drugs, regulated pharmaceuticals, stolen goods, counterfeit items, or human-trafficking services;
• use the Services in any jurisdiction subject to comprehensive U.S. sanctions, or while located on any U.S.-government denied- or restricted-party list (see § 16.5).

Technical enforcement. We reserve the right to enforce these prohibitions through technical and legal measures, including rate limits, IP and ASN blocks, CAPTCHA challenges, device fingerprinting, account suspension, content removal, watermarking, and litigation for damages and injunctive relief.

4.2 Community Guidelines (prohibited content)

The Community Guidelines at § Community Guidelines are incorporated into these Terms by reference. In summary, you may not post, upload, share, or transmit content that:

• Child safety (zero tolerance): sexualizes a minor in any way; grooms, solicits, or endangers a minor; depicts child sexual abuse, exploitation, or trafficking; or attempts sextortion. Such content is reported to NCMEC under 18 U.S.C. § 2258A and to law enforcement, and the responsible account is permanently terminated;
• is unlawful, defamatory, libelous, obscene, pornographic, or sexually explicit;
• constitutes non-consensual intimate imagery ("NCII"), including imagery created or altered by AI (synthetic intimate imagery);
• promotes, glorifies, or facilitates terrorism, organized violence, violent extremism, or designated foreign terrorist organizations;
• incites violence against a person or group, or threatens specific real-world harm;
• constitutes hate speech, harassment, or targeted attacks against people based on protected characteristics (race, ethnicity, national origin, caste, religion, disability, age, gender, gender identity, sexual orientation, serious disease, immigration status, or veteran status);
• facilitates human trafficking, smuggling, slavery, forced labor, or the commercial sexual exploitation of any person;
• promotes self-harm, suicide, eating disorders, or other behaviors that endanger life;
• promotes the abuse of, or dangerous interactions with, wildlife or protected animals;
• contains medical misinformation that, if relied on, could cause real-world harm (e.g., dangerous travel-medical advice, vaccine disinformation contradicting public-health consensus);
• contains election or civic-integrity misinformation that could meaningfully mislead voters about the time, place, or manner of an election;
• infringes anyone's copyright, trademark, trade secret, right of publicity, or other intellectual-property right;
• violates anyone's privacy (including publishing private facts, doxing, or unblurred faces of minors without verified parental consent);
• is a fake, paid-for, incentivized, or undisclosed-conflict review or rating (we follow FTC endorsement guidelines);
• impersonates a supplier, a Trepic employee, an officer or director of Trepic, or another traveler;
• contains malware, phishing links, unauthorized advertising, MLM/pyramid schemes, or attempts to redirect bookings outside the Services;
• is AI-generated or materially AI-modified and you have not labeled it as such where doing so is required to avoid misleading a reasonable reader (see § 6.3).

We may enforce these guidelines through warnings, content removal, search-and-feed demotion, labeling or watermarking (including automatic AI-content labels), feature restriction (e.g., disabling messaging or posting), temporary suspension, or permanent termination. Severity and pattern of violations determine the response. Repeated or egregious violations may result in immediate termination and referral to law enforcement.

Reporting. Report violations to trust@trepic.co, via the in-product flag where available, or in the case of copyright via the DMCA process (§ 8.6).

4.3 Suspension and termination

We may suspend or terminate your access at any time for any violation of these Terms or for any conduct we determine, in good faith, harms us, our users, our suppliers, or third parties. Where practical and lawful, we will give you advance notice and an opportunity to appeal. Where we judge an immediate action is necessary to prevent harm, fraud, or legal exposure, we may act without prior notice.

5. Bookings and payments

5.1 Trepic as agent

Trepic acts as a booking agent on behalf of independent third-party suppliers. When you complete a booking through Trepic:

• Hotels are sourced through one or more third-party hotel-distribution partners and supplied by individual properties.
• Flights are sourced through one or more third-party flight-distribution partners and supplied by the operating airline(s).
• Activities and experiences are sourced through one or more third-party activity-distribution partners and supplied by independent activity operators. Affiliate links to additional experience providers may also be presented; bookings made via those links are made directly with the underlying provider under that provider's terms, and Trepic does not process payment for them.

Your contract for the underlying travel service is with the supplier, not with Trepic. The supplier's own booking conditions, fare rules, cancellation policy, and conditions of carriage apply on top of these Terms; where there is a direct conflict, the supplier's conditions govern the supplier-provided service.

5.2 Pricing and currency

Prices are shown in U.S. dollars by default and include all fees and taxes we are able to display at the time of search. Your card issuer may apply foreign-transaction or currency-conversion fees that Trepic does not control and does not refund. Prices and availability are not guaranteed until your booking is confirmed by the supplier.

5.3 Payment

Payments are processed by a third-party PCI-DSS-compliant payment processor. Trepic does not store full payment-card numbers; card data is tokenized by the processor. For hotel bookings we use a manual-capture pattern: your card is authorized at booking and charged once the supplier confirms availability. If the supplier cannot confirm, the authorization is released or refunded.

By providing payment information, you authorize Trepic and its payment processor to charge the amounts shown at checkout, including any applicable taxes, fees, and (where disclosed) supplier-side surcharges.

5.4 Trepic Credit and vouchers

You may receive Trepic Credit or promotional vouchers, which can be applied to future bookings subject to the terms shown at issuance (including any expiration date). Trepic Credit and vouchers have no cash value, are not transferable, and (except where required by law) are not refundable to a payment card. See the Refund Policy for details.

Trepic Credit issued by Trepic (for example, referral bonuses, support make-goods, or beta-contest awards) expires twelve (12) months from the date of issuance unless an earlier expiration date is shown at issuance. Supplier-issued vouchers honor the validity period set by the issuing supplier at the time of mint (typically 30–365 days), as shown on the voucher.

5.5 Cancellations and refunds

Cancellations and refunds are governed by our Refund Policy, which is incorporated into these Terms by reference. The Refund Policy describes per-rail behavior for hotels, flights, activities, and Trepic Credit, the timelines for refund delivery, and how to escalate disputes. Cancellation windows, change fees, no-show rules, and any non-refundable amounts are set by the underlying supplier, not Trepic, and the supplier's policy controls the supplier-provided portion of any refund.

Trepic does not guarantee the availability, pricing accuracy, completeness, or fitness for any particular purpose of supplier inventory. Inventory and prices may change between search, selection, and checkout. We reserve the right to cancel a booking that was confirmed in reliance on an obvious error in pricing or availability ("fat-finger" or feed errors), and to issue a full refund in lieu of honoring the erroneous price.

5.6 Travel insurance (strongly recommended)

Travel is unpredictable. We strongly recommend that every traveler purchase comprehensive travel insurance covering trip cancellation and interruption, medical care abroad, medical and security evacuation, baggage, and supplier insolvency, before paying any non-refundable amount. Trepic is not an insurance broker and does not sell travel insurance. We may surface offers from third-party insurance partners; any policy you purchase is a contract between you and the insurer.

6. AI-generated content (Tria)

Tria is Trepic's AI itinerary planner. Tria's suggestions are generated using one or more third-party large-language-model providers and are provided for inspiration and convenience only. Tria is not a licensed travel agent, financial advisor, medical professional, or attorney, and its output is not professional advice.

You are solely responsible for independently verifying:

• visa, passport, entry, and exit requirements for your itinerary;
• vaccination, health, and medication-import requirements;
• local laws, customs, safety conditions, and travel advisories;
• insurance coverage (travel, medical, evacuation, cancellation);
• currency, banking, and tax implications.

AI output may contain errors, outdated information, hallucinations, or omissions. Trepic disclaims liability for losses arising from reliance on AI-generated content; see § 9 and § 10.

6.1 No professional advice

Tria does not provide legal, medical, financial, tax, immigration, visa, or insurance advice. Where your trip presents any such question, consult a licensed professional in the relevant jurisdiction.

6.2 Prohibited uses of Tria

You may not use Tria, or any other Trepic AI feature, to (a) generate or facilitate content prohibited by § 4.2 or the Community Guidelines; (b) generate synthetic media of any real person without that person's consent; (c) generate CSAM, sextortion content, content sexualizing minors, NCII, or content that endangers a minor; (d) generate or refine disinformation that could materially harm public health, election integrity, or public safety; (e) extract, reverse-engineer, or reconstruct training data, system prompts, or model weights; (f) automate or programmatically abuse Tria's endpoints; or (g) generate content that infringes intellectual-property rights of any third party. Violations may result in immediate suspension or termination and, where appropriate, referral to law enforcement.

6.3 AI-content labeling

Where you post User Content that was generated or materially modified by AI (whether Tria or another tool), you must clearly label it as such. We may automatically detect and label AI-generated content, downrank it, or remove it where labeling is missing and the content is likely to mislead a reasonable user. We do not permit unlabeled synthetic media of real, identifiable people.

6.4 Use of your interactions to improve Tria

Trepic may use your Tria prompts, responses, ratings, edits, and feedback signals — in de-identified form — to improve Trepic's products, prompts, retrieval, safety filters, and evaluation sets. We do not permit our upstream foundation-model providers to train their underlying models on your personal content; we maintain contractual no-training commitments with those providers, generally speaking, and require zero-data-retention or short-retention configurations where commercially reasonable. Specific provider terms are available on request at privacy@trepic.co.

6.5 Ownership of Tria outputs

Subject to these Terms and to applicable law, you may use the itinerary suggestions Tria generates for your personal travel. Trepic does not claim ownership of the textual suggestion you accept and personalize for your own use. However, as a matter of U.S. copyright law (per current U.S. Copyright Office guidance), purely AI-generated output is not eligible for copyright protection without sufficient human authorship; you should not assert exclusive copyright in unmodified Tria output.

6.6 Place, restaurant, and venue recommendations

When Tria recommends a place to eat, drink, or visit (such as a restaurant, café, bar, activity, or point of interest), the underlying listing data — including the venue's name, address, hours, photographs, price level, ratings, and review counts — is sourced from one or more third-party place-data and review providers. Trepic does not maintain that data and does not warrant its accuracy. The data can be outdated, incomplete, or wrong; venues open, close, change menus, change hours, and change policies without notice.

Tria recommends places; Tria does not reserve, book, or hold a table on your behalf, and Trepic is not a party to your relationship with the venue. Before relying on a recommendation, you are solely responsible for confirming, at a minimum: (a) that the venue is open and operating; (b) hours of operation for your specific day and time; (c) reservation, dietary, accessibility, age, dress-code, and other operational policies; (d) pricing, taxes, gratuities, and minimums; (e) safety conditions on the route to and from the venue; and (f) any local laws, customs, or health and safety advisories. Each recommendation displays the source attribution required by the underlying provider and links back to the source listing so you can verify details. Trepic is not responsible for the acts, omissions, quality, or safety of any venue.

6.7 Imported inspiration (links and uploads)

Trepic offers a feature that lets you import a link, screenshot, photograph, or document so that Tria can extract a draft itinerary, list of places, or other structured content from it. By submitting any link or file to this feature, you represent and warrant that: (a) you own the content or have all rights, licenses, consents, and permissions necessary to submit it and have Trepic process it; (b) submitting it does not infringe, misappropriate, or violate any third party's intellectual-property, privacy, publicity, contract, or other rights; and (c) any person depicted has provided the consent required by law. Trepic processes imported content on a best-effort basis to extract structured fields and may discard inputs that cannot be processed. Extracted output is a draft only; you remain responsible for reviewing, correcting, and editing it before relying on it, sharing it, or publishing it as part of Your Content under § 8.2.

6.8 Reflection prompts and journaling

Tria may offer to schedule short reflection prompts to help you capture observations during your trip, and may save the notes or reflections you write into your trip journal. Scheduled prompts and saved reflections are part of Your Content under § 8.2. They are private to your account by default and are shared or published only if you choose to share or publish the trip or journal. You can edit, dismiss, or delete a prompt or a reflection at any time. Reflections are personal journaling, not professional advice; § 6.1 applies.

6.9 Tagging recommendations to your trip and journal

You can, in a single action, tag a recommended place to your trip itinerary and to your trip journal. When you do, the third-party source attribution and link-back for that place travel with the tagged item — inside the trip, and, if you choose to publish the journal, in any published form — so that the underlying provider's display requirements continue to be satisfied. You remain responsible for the editorial content of your journal under § 8.2.

7. Editorial content (trepicstories.com)

Editorial articles, guides, and curated lists published on trepicstories.com are © Trepic and its contributors. Some editorial content includes affiliate or commissioned links; we may earn a commission when you book through these links, at no additional cost to you. Affiliate relationships do not affect editorial judgment.

8. Intellectual property

8.1 Trepic content

All software, design, content, trademarks, logos, and the "look and feel" of the Services are owned by Trepic or its licensors and are protected by copyright, trademark, trade-dress, and other intellectual-property laws. We grant you a limited, revocable, non-transferable, non-exclusive license to access and use the Services for their intended personal, non-commercial purpose. No other rights are granted.

8.2 Your content (User-Generated Content)

You retain ownership of the photos, trip stories, itineraries, reviews, ratings, captions, profile information, and other materials you submit, upload, or transmit through the Services ("Your Content"). You are solely responsible for Your Content and for any consequences of submitting it.

License you grant to Trepic. By making Your Content available through the Services, you grant Trepic and its corporate affiliates a non-exclusive, worldwide, royalty-free, fully paid-up, sublicensable (through multiple tiers), and transferable license to host, store, cache, copy, reproduce, modify (including to crop, re-encode, transcode, resize, watermark with Trepic branding, translate, and create derivative works strictly to operate and display the Services), publish, publicly perform and publicly display, distribute, and otherwise use Your Content in connection with operating, providing, improving, securing, promoting, and developing the Services, and for marketing the Services across any media now known or later developed. This license is irrevocable for any copies that other users have already shared, reposted, or downloaded under their own rights of use, and survives termination only to that extent and for backup, legal-hold, and aggregated-analytics copies as described below.

Scope and termination of the license. When you delete Your Content, or close your account, the license above terminates within a commercially reasonable period, except: (a) for residual encrypted backup copies retained for disaster recovery for up to 90 days; (b) for copies we are required by law, regulation, court order, or governmental request to retain; (c) for de-identified, aggregated, or anonymized derivatives that can no longer be associated with you; (d) for copies that other users have legitimately re-shared or downloaded under our user-facing share features prior to your deletion; and (e) for copies sublicensed to a supplier under the next paragraph, which will continue under the supplier's terms. The license is otherwise perpetual for the life of the applicable copyright as to copies in these residual categories, and irrevocable as to copies already disseminated.

Sublicense to suppliers. When you submit a review, rating, photo, or other User Content about a specific property, supplier, route, or experience, you grant Trepic the right to sublicense that User Content to the underlying supplier (and to the distribution platform we used to reach that supplier) on a non-exclusive, royalty-free basis so that the supplier may display, respond to, syndicate, or use the User Content in connection with its listing and customer-relations activities. Where reasonably possible, the User Content will be attributed (e.g., by display name or handle).

Cross-posting to creator-affiliate networks. If you have opted in as a Trepic creator, you grant Trepic the additional right to cross-post Your Content (with attribution) to creator-affiliate networks, partner editorial channels, and Trepic-operated social accounts, in each case under the separate creator agreement you accepted at onboarding.

Representations. You represent and warrant that (i) you own Your Content or have obtained all rights, licenses, consents, releases, and permissions necessary to grant Trepic the license above; (ii) Your Content does not and its use by Trepic and its users will not infringe, misappropriate, or violate any third party's intellectual property, publicity, privacy, or other rights; and (iii) every identifiable person in Your Content (including children, where applicable) has given the consent required by law to be depicted in the way you have submitted.

Moderation and removal. We do not pre-screen Your Content, but we have the right (not the obligation) to review, edit headlines or summaries for editorial fit, refuse, restrict, hide, age-gate, demote in feeds and search, label, watermark, geo-block, or remove any of Your Content for any reason or no reason, including if we believe in good faith it violates these Terms, our Community Guidelines (§ 9), applicable law, or third-party rights. Removal does not entitle you to a refund of any fee, credit, or commission.

Feedback on AI output. If you mark, rate, comment on, or otherwise provide signals about Tria's output, you grant Trepic an unrestricted right to use those signals (in de-identified form) to train, evaluate, fine-tune, and improve the Services and Trepic's models and prompts.

8.3 Creator and brand-partner content

If you are accepted as a Trepic creator or brand partner, additional terms — covering editorial standards, exclusivity windows, commission rates, payment terms, and content licensing — will be presented for separate acceptance before publication or distribution.

Creator tiers and badges. Where applicable to a creator-program participant, Trepic may from time to time assign, modify, suspend, or revoke creator tiers, badges, and similar status indicators based on factors such as activity, content quality, program eligibility, compliance with these Terms and the Community Guidelines, and changes to the program itself. Some indicators are earned automatically on the basis of measurable activity; others are granted, withheld, or revoked at Trepic's editorial or operational discretion. Tiers and badges are honorific designations associated with the Services; standing alone, they do not create any contractual right, entitlement, guarantee of commission rate, distribution priority, featured placement, or earnings. The specific criteria, thresholds, visual treatment, and lifecycle of tiers and badges may change at any time at Trepic's discretion, and changes apply prospectively from the time they take effect.

8.4 Commission payment timing (creators)

Commission payments to creators are processed only after Trepic receives cleared payment from the underlying property, vendor, or partner. Payment timing therefore depends on each vendor's settlement cycle and may take anywhere from 7 to 120 days following the qualifying booking, check-out, or service-completion event (whichever is later under the applicable property agreement). Commissions on bookings that are cancelled, refunded, charged back, disputed, or otherwise reversed are not earned and may be deducted from future payouts.

8.5 Feedback

If you send us feedback, suggestions, or ideas, we may use them without restriction or compensation. You waive any moral rights to the extent permitted by law.

8.6 Copyright complaints (DMCA) and trademark complaints

Trepic respects the intellectual-property rights of others and expects users to do the same. We comply with the U.S. Digital Millennium Copyright Act (17 U.S.C. § 512) and equivalent notice-and-takedown regimes in other jurisdictions (including the EU Digital Services Act and the UK's online-platform regime). See the full DMCA & Copyright section for notice procedures and counter-notice procedures.

8.7 Account portability and data export

You may request a machine-readable export of the personal information and user-generated content associated with your account at any time. To initiate an export, email privacy@trepic.co or use the in-product "Download your information" tool when available. Exports typically include profile data, trip itineraries you created, photos you uploaded, reviews and ratings you submitted, and the booking-record metadata we hold for you (subject to supplier confidentiality limits). We deliver exports in commonly used formats (JSON and, where applicable, ZIP) within 30 days, subject to identity verification.

9. Disclaimers

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE.

Trepic does not own, operate, or control any hotel, airline, activity operator, or other supplier listed on the Services. We are not responsible for, and do not warrant, the acts, omissions, safety, quality, accuracy of descriptions, or performance of any supplier. Travel involves inherent risks; you assume those risks when you book.

Some jurisdictions do not allow the exclusion of certain warranties; in such jurisdictions, this section applies only to the extent permitted.

10. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL TREPIC OR ANY OF ITS PARENTS, SUBSIDIARIES, AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, CONTRACTORS, AGENTS, LICENSORS, SUPPLIERS, OR SUCCESSORS-IN-INTEREST (THE "TREPIC PARTIES") BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, EXEMPLARY, RELIANCE, OR ENHANCED DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, GOODWILL, BUSINESS, DATA, USE, REPUTATION, OR OPPORTUNITY, ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, WARRANTY, TORT INCLUDING NEGLIGENCE, STATUTE, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF A TREPIC PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

THE TREPIC PARTIES' TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES WILL NOT EXCEED THE GREATER OF (A) ONE HUNDRED U.S. DOLLARS ($100) OR (B) ONE HUNDRED PERCENT (100%) OF THE FEES YOU HAVE PAID TO TREPIC (expressly excluding amounts charged or retained by suppliers, taxes, third-party fees, and amounts passed through to third parties) IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

Trepic is not liable for losses caused by suppliers, including airline delays or cancellations, hotel overbooking, activity-operator cancellations, supplier insolvency, or supplier acts or omissions. Your remedies for supplier-caused losses are against the supplier (and your travel-insurance and card-issuer protections), not Trepic.

Carve-outs. The exclusions and caps above do not apply to (i) liability that cannot be excluded or limited under applicable mandatory law (which in many consumer jurisdictions includes liability for death or personal injury caused by negligence, fraud, fraudulent misrepresentation, and gross negligence or willful misconduct); (ii) your indemnification obligations under § 11; (iii) intellectual-property infringement claims brought by Trepic against you; or (iv) other matters where applicable consumer law preserves a higher floor. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages; in such jurisdictions, our liability is limited to the maximum extent permitted by law.

Foundational allocation of risk. The disclaimers, caps, and exclusions in §§ 9–10 are a fundamental and material basis on which Trepic agrees to provide the Services. They allocate risk between the parties, apply regardless of whether any remedy fails of its essential purpose, and survive termination.

11. Indemnification

You agree to defend, indemnify, and hold harmless the Trepic Parties (as defined in § 10) from and against any and all claims, demands, actions, investigations, damages, liabilities, losses, judgments, fines, penalties, costs, and expenses (including reasonable attorneys' fees and costs of investigation, and including costs of complying with subpoenas issued to a Trepic Party as a result of your activity) arising out of or related to: (a) your breach of these Terms or any policy incorporated by reference; (b) your breach of any law or any third-party right (including any intellectual-property, privacy, publicity, contract, employment, or consumer right); (c) your User Content, including any claim that it infringes, misappropriates, or violates any third party's rights; (d) your use or misuse of the Services or Tria; (e) your interactions with any supplier, other user, or third party (including disputes over the supplier-provided service); (f) your violation of any tax or reporting obligation applicable to you; (g) any chargeback, refund-fraud, friendly-fraud, or unauthorized-use claim associated with your payment method; (h) any claim that you violated export-control or sanctions law; and (i) any claim by a person depicted in your User Content (including any minor) that you failed to obtain required consent.

Defense. Trepic reserves the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which case you agree to (i) reasonably cooperate with our defense and (ii) not settle any matter without Trepic's prior written consent. You may not settle any matter that affects a Trepic Party without Trepic's prior written consent.

11A. Releases

To the maximum extent permitted by law, you release the Trepic Parties from any and all claims, demands, damages (actual and consequential) of every kind and nature, known and unknown, suspected and unsuspected, disclosed and undisclosed, arising out of or in any way connected with:

• your interactions with other users (online, in messaging, or in person at a destination);
• your interactions with any supplier or the supplier's staff, agents, vehicles, vessels, equipment, or premises;
• travel-related risks of any kind, including weather, force majeure events, acts of God, natural disaster, geopolitical events, war, civil unrest, terrorism, criminal activity, traffic accidents, transportation incidents, medical events, pandemics, epidemics, quarantines, vector-borne illness, food and water contamination, allergic reactions, wildlife encounters, altitude or marine risks, and recreational-activity risks;
• your reliance on any Tria suggestion or AI-generated content, including any information about visas, passports, vaccinations, health, weather, safety, opening hours, prices, or local customs;
• the accuracy, completeness, or timeliness of any information displayed on the Services, including supplier descriptions, photographs, amenity lists, and reviews;
• any loss, theft, damage, or destruction of personal property during travel.

If you are a resident of California, you expressly waive the protections of California Civil Code § 1542, which provides: "A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party." You waive analogous protections under other states' or countries' laws to the maximum extent permitted.

11B. Force majeure

Neither party will be liable for any failure or delay in performance (other than a payment obligation) to the extent caused by an event beyond its reasonable control, including: acts of God; natural disasters; severe weather; earthquake; flood; fire; volcanic activity; war; armed conflict; terrorism; civil disturbance or unrest; riot; act, decree, order, or restriction of any government, court, or regulator; embargo, sanction, or trade restriction; export-control determination; strike, lockout, or labor dispute (other than involving only the party's own workforce); epidemic, pandemic, or public-health quarantine; cyberattack, distributed-denial-of-service event, or large-scale fraud; supply-chain or carrier disruption; failure or outage of the internet, telecommunications, utilities, electricity, or third-party cloud, content-delivery, payment-processing, or AI-inference platforms; supplier insolvency, bankruptcy, business cessation, or suspension of operations; and any other condition reasonably outside the party's control. The affected party will use commercially reasonable efforts to resume performance.

12. Modifications

We may modify, suspend, or discontinue the Services (or any part of them) at any time. We may also update these Terms from time to time. If we make material changes, we will post the updated Terms here, update the "Last updated" date, and (where required by law or where the change materially affects your rights) notify you by email or by a prominent in-product banner at your next sign-in, at least 14 days before the change takes effect. Your continued use of the Services after the effective date constitutes acceptance.

13. Termination

You may stop using the Services and close your account at any time through your account settings or by emailing support@trepic.co.

Termination by Trepic. Trepic may, in its sole discretion, suspend, restrict, limit, or terminate your access to all or any part of the Services at any time, with or without cause, and with or without notice, including for any of the following reasons: (a) breach of these Terms or any incorporated policy; (b) fraud, friendly fraud, payment-method abuse, or chargeback abuse; (c) security risk (including credential compromise, account-takeover risk, or risk to other users); (d) abuse, harassment, or threats directed at users, suppliers, or Trepic personnel; (e) violation of the Community Guidelines, including child-safety violations, which result in immediate termination; (f) two or more substantiated DMCA notices (or one egregious notice) under our repeat-infringer policy; (g) a lawful subpoena, court order, governmental request, sanctions designation, or denied-party listing; (h) prolonged account inactivity (typically more than 24 months) following advance notice where practical; (i) discontinuation of the Service or any feature thereof, including in connection with a business decision to sunset; or (j) any other circumstance in which Trepic determines, in good faith, that continued access would harm Trepic, our users, our suppliers, or the public.

Effect of termination. Upon termination: (i) your license to use the Services ends immediately; (ii) your User Content may be removed, retained, or anonymized as described in § 8.2 and the Privacy Policy; (iii) any pending booking continues to be governed by the applicable supplier terms and our Refund Policy; (iv) Trepic Credit and vouchers are forfeited if termination is for cause, except as required by law; and (v) the following provisions survive: §§ 5.5 (Refunds), 8 (IP and UGC license), 9 (Disclaimers), 10 (Limitation of liability), 11 (Indemnification), 11A (Releases), 11B (Force majeure), 14 (Dispute resolution), 15 (Miscellaneous), 16 (Additional terms), and any other provision that by its nature should survive.

14. Dispute resolution; binding arbitration; class-action waiver

Read this section carefully — it affects your legal rights, including your right to a jury trial and to participate in a class action.

14.1 Informal resolution (required first step)

Before initiating arbitration, you must first send Trepic a written Notice of Dispute to legal@trepic.co (with a copy to support@trepic.co) describing (i) your name, account email, and mailing address; (ii) a clear description of the claim and its factual basis; and (iii) the specific relief sought. Trepic will respond within a reasonable time and the parties will engage in a good-faith informal discussion for at least 30 days before either side may commence arbitration. Engaging in informal resolution is a precondition to filing a demand for arbitration; an arbitrator may dismiss a demand filed without compliance with this section. The statute of limitations and any filing-fee requirements are tolled during informal resolution.

14.2 Binding arbitration

Any dispute, claim, or controversy arising out of or relating to these Terms, the Services, or your relationship with Trepic that is not resolved informally will be resolved by binding individual arbitration, administered by the American Arbitration Association ("AAA") under its Consumer Arbitration Rules (or, if AAA is unavailable, by JAMS under its Streamlined Arbitration Rules), before a single arbitrator. The arbitration will be seated in Wilmington, Delaware, conducted remotely (telephonically or by videoconference) where consistent with the applicable rules, and the arbitrator's decision will be final and binding and may be entered as a judgment in any court of competent jurisdiction. You and Trepic agree to waive the right to a trial by jury for any claim subject to this § 14. The Federal Arbitration Act (9 U.S.C. §§ 1 et seq.) governs the interpretation and enforcement of this section.

14.3 Carve-outs

Either party may bring (a) an individual claim in small-claims court if the claim qualifies and remains in that court (and is not removed or appealed to a court of general jurisdiction), or (b) an action in any court of competent jurisdiction to obtain temporary, preliminary, or other injunctive or equitable relief in aid of arbitration or to protect intellectual-property rights, in either case without first proceeding to arbitration.

14.4 Class-action waiver and mass-arbitration procedure

Class waiver. You and Trepic each waive any right to bring or participate in a class action, collective action, mass action, consolidated action, private-attorney-general action, or representative action against the other. The arbitrator may not consolidate more than one person's claims and may not preside over any form of representative or class proceeding. If this waiver is found unenforceable as to a particular claim, that claim must be litigated in a court of competent jurisdiction (and not arbitrated), but the rest of this § 14 will remain in effect for all other claims, and the parties agree that any such court action will be heard in Wilmington, Delaware (see § 15).

Mass-filing anti-stacking. If 25 or more similar demands for arbitration are filed against Trepic by or with the coordination of the same counsel or coordinated group of counsel, the parties agree that: (i) the demands will be batched into sequential bellwether groups of no more than 50 cases at a time; (ii) the parties will jointly select one arbitrator to hear an initial bellwether of up to 10 cases; (iii) subsequent batches will not commence until the parties have engaged in a mediation following each bellwether; and (iv) the statute of limitations is tolled for unfiled claims while the bellwether process proceeds. This procedure is intended to facilitate efficient, individualized resolution and prevent the imposition of disproportionate aggregate filing fees outside the bellwether process.

14.5 30-day opt-out

You may opt out of this arbitration provision (including the class waiver, jury waiver, and mass-filing procedure) by sending written notice within 30 days of first accepting these Terms (or, for existing accounts, within 30 days of the effective date of this version) to Trepic, Inc., Attn: Legal — Arbitration Opt-Out, c/o the registered agent in Delaware, with a copy by email to legal@trepic.co. The notice must include your name, account email, the date you created your account or accepted these Terms, and a clear statement that you opt out of arbitration. Opting out does not affect any other portion of these Terms.

14.6 Mandatory law exceptions

Nothing in this § 14 prevents you from exercising rights you may have under mandatory consumer-protection laws of your country of residence; if those laws prohibit binding arbitration or class-action waivers for the type of dispute at issue, those provisions will not apply to that dispute. EU and UK consumers retain access to their local courts and any applicable Online Dispute Resolution platform (ec.europa.eu/consumers/odr).

14.7 Survival

This § 14 survives termination of your account and these Terms.

15. Miscellaneous

Governing law. These Terms are governed by the laws of the State of Delaware, USA, without regard to its conflicts-of-laws rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

Venue. Subject to § 14, any judicial action must be brought in the state or federal courts located in Wilmington, Delaware, and you consent to personal jurisdiction there.

Severability. If any provision is held invalid or unenforceable, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force.

No waiver. Our failure to enforce any provision is not a waiver.

Assignment. You may not assign these Terms without our prior written consent. We may assign them in connection with a merger, acquisition, or sale of assets.

Entire agreement. These Terms, together with the Privacy Policy, the Refund Policy, the Cookie Policy, and any additional terms accepted in connection with specific Services, are the entire agreement between you and Trepic.

Force majeure. Neither party is liable for failure or delay in performance due to causes beyond reasonable control, including acts of God, war, terrorism, pandemics, government action, labor disputes, or supplier failures.

Notices. We may send notices to the email address you provide. You may send notices to legal@trepic.co.

16. Additional terms

16.1 Subscriptions and auto-renewal (reserved)

Trepic does not currently offer paid auto-renewing subscriptions to consumers. If we introduce a paid subscription in the future, we will, before charging you, clearly disclose: the price and billing frequency; the auto-renewal mechanic; how to cancel (including in your account settings); any free-trial mechanics and when the trial converts; and any state-specific cancellation rights (e.g., California's automatic-renewal disclosures and the FTC "Click-to-Cancel" rule). Your continued use of any paid subscription will be governed by the subscription terms presented at sign-up, which are incorporated into these Terms by reference.

16.2 Pricing accuracy and "fat-finger" cancellations

Prices and availability may change between the time of search, selection, and checkout, including due to supplier feed updates, currency-rate movement, or surge pricing. We make commercially reasonable efforts to display accurate prices, but we do not warrant that every price displayed is free of error. If a booking is confirmed in reliance on a clearly erroneous, obviously wrong, or manifestly incorrect price (a "fat-finger" or feed error), Trepic may cancel that booking and issue a full refund in lieu of honoring the erroneous price. We will not be liable for consequential damages (such as alternative travel arrangements you separately booked) arising out of such a cancellation; we encourage you to wait for booking confirmation before incurring non-refundable expenses on the rest of your trip.

16.3 Taxes

You are responsible for any personal income, occupancy, tourist, departure, or other tax obligations applicable to your travel. Trepic collects only the taxes, fees, and surcharges that we are able to display and pass through at checkout based on supplier-provided data; additional taxes, resort fees, city or tourist taxes, security or fuel surcharges, gratuities, and similar amounts may be assessed and collected by the supplier at the point of service. Trepic does not provide tax advice.

16.4 Currency and foreign-transaction fees

Prices are displayed in U.S. dollars (USD) by default unless otherwise indicated. Your card issuer or bank may apply foreign-transaction, currency-conversion, dynamic-currency-conversion, or cross-border fees that Trepic does not control, does not collect, and cannot refund.

16.5 Export controls and sanctions

You represent and warrant that (a) you are not located in, organized under the laws of, or ordinarily resident in any country or territory subject to comprehensive U.S. trade or economic sanctions (currently including Cuba, Iran, North Korea, Syria, and the Crimea, so-called "Donetsk People's Republic," "Luhansk People's Republic," and other Russian-occupied regions of Ukraine, as updated from time to time); (b) you are not identified on the U.S. Treasury Department's Office of Foreign Assets Control ("OFAC") Specially Designated Nationals and Blocked Persons List, the U.S. Commerce Department's Bureau of Industry and Security Entity List or Denied Persons List, the U.S. State Department's Debarred Parties List, or any analogous list maintained by another competent authority; and (c) you will not use the Services in violation of U.S. export-control or sanctions law.

16.6 Government end users

The Services are "commercial computer software" and "commercial computer software documentation" within the meaning of the U.S. Federal Acquisition Regulation (FAR) 12.212 and the Defense Federal Acquisition Regulation Supplement (DFARS) 227.7202. If you are a U.S. federal-government end user or contractor, your use of the Services is governed solely by these Terms and the rights granted herein, consistent with FAR/DFARS commercial-item licensing.

16.7 Electronic communications and signatures (E-SIGN)

By accepting these Terms and using the Services, you consent under the U.S. Electronic Signatures in Global and National Commerce Act (15 U.S.C. §§ 7001 et seq., "E-SIGN") and equivalent state and foreign laws to receive communications from Trepic electronically (including these Terms, the Privacy Policy, booking confirmations, change notices, refund notices, and other legal notices) and to enter into legally binding agreements with us by electronic means (including by clicking "I agree," tapping a button, or providing an electronic signature). You may withdraw this consent at any time by closing your account, in which case we may no longer be able to provide the Services to you. You may request a paper copy of any record we have provided electronically by emailing legal@trepic.co; a reasonable fee may apply.

16.8 Survival

The following provisions survive termination or expiration of these Terms: §§ 2.5 (NCMEC reporting), 4 (Acceptable use and Community Guidelines), 5.5 (Refunds), 6 (AI / Tria), 7 (Editorial), 8 (Intellectual property, including the UGC license under § 8.2 to the extent described therein), 9 (Disclaimers), 10 (Limitation of liability), 11 (Indemnification), 11A (Releases), 11B (Force majeure), 13 (Termination — effect), 14 (Dispute resolution), 15 (Miscellaneous), and this § 16, along with any other provision that by its nature should survive.

17. Loyalty / Trepic Credit

17.1 What Trepic Credit is

"Trepic Credit" is a promotional discount denominated in U.S. dollars that, when applied at checkout, reduces the amount you owe Trepic for a future eligible booking made through the Services. Trepic Credit is not money, currency, electronic money, a deposit, a prepaid access instrument, a gift card or gift certificate, a stored-value card, or any other cash equivalent. It is a contractual discount issued by Trepic in connection with the Services, redeemable only against Trepic bookings, on the terms described in this § 17 and in the Refund Policy § 5.

This § 17 applies to Trepic Credit issued in any form, whether earned through (a) the loyalty program described below, (b) promotional referral or social bonuses, (c) goodwill or support make-goods, (d) beta-program or contest awards, or (e) supplier-issued vouchers honored on the Services. Supplier-issued vouchers may additionally be subject to the issuing supplier's own validity rules, which control where they conflict with this § 17.

17.2 No cash value; non-transferable; promotional posture

You acknowledge and agree that Trepic Credit:

• has no cash value and cannot be redeemed for cash, deposited, sold, traded, withdrawn, or paid out except where required by mandatory consumer law;
• is non-transferable and may not be sold, gifted outside the Services, assigned, willed, or otherwise transferred to another person or account; any in-app sharing mechanic remains within Trepic's promotional ecosystem and does not constitute a transfer for cash value;
• is a promotional discount against a future Trepic booking and is not abandoned property or unclaimed property for purposes of any state escheatment or unclaimed-property statute (the parties intend that Trepic Credit be treated under industry-standard loyalty-program principles consistent with airline-mile and hotel-points programs, not as a gift card or stored-value instrument);
• does not bear interest;
• may be modified, suspended, or discontinued by Trepic on the terms in § 17.7 (Program changes) and § 12 (Modifications);
• may be limited or excluded on certain bookings (for example, bookings attributed to certain creator tiers earn no Trepic Credit by design — see § 17.4) and on certain rates or fare classes as disclosed at booking;
• does not constitute a security, financial instrument, or stored-value account under U.S. federal or state financial-services law.

17.3 How you earn Trepic Credit

You may earn Trepic Credit when you complete an eligible booking through the Services, as described at the point of booking and in any program summary we publish from time to time. The current V1 program issues Trepic Credit on activities-category bookings; additional categories and earning events (including social-action bonuses such as post-trip reviews, trip-share milestones, referrals, and group-trip bonuses) may be added in a future version of the program ("V2"), and will be governed by these Terms and the program summary then in effect.

Trepic Credit is issued in a locked (non-redeemable) state when you confirm a qualifying booking, and unlocks and becomes redeemable a defined number of days after your travel completes (currently 30 days). Locked credit may be reduced to zero or voided if the originating booking is cancelled, refunded, or otherwise reversed before the credit unlocks. Unlocked credit that was already redeemable is generally not clawed back if the originating booking is later refunded, but Trepic reserves the right to claw back unlocked credit in cases of fraud, abuse, or material error.

17.4 Eligibility and exclusions

Trepic Credit is earned only by travelers who hold a valid Trepic account in good standing, are 18 or older (§ 2), have accepted these Terms and the Privacy Policy, and have completed a qualifying booking. The following are not eligible: bookings cancelled before travel; bookings paid in full with Trepic Credit redemption (the redeemed portion does not re-earn); bookings flagged for fraud or chargeback risk; bookings made by a creator on their own attributed listing (self-attribution); and bookings attributed to creator tiers that are not configured as loyalty-eligible. Bookings attributed to Elite Storyteller and Founding Creator tiers earn $0 booker Trepic Credit by design; this is disclosed at the point of booking and on the relevant creator's story page, and reflects the curation premium of those tiers rather than a penalty.

17.5 How you redeem Trepic Credit

You may apply available (unlocked) Trepic Credit to an eligible future Trepic booking at checkout, up to the per-booking redemption cap displayed at checkout (currently up to 50% of the booking total). Trepic Credit is applied to the Trepic-side line of your booking and does not reduce supplier-side taxes, fees, or surcharges collected by the supplier at the point of service. Redemption is voided (and the corresponding credit restored) if the booking is abandoned before payment confirmation. If a booking paid in part with Trepic Credit is later refunded, the redeemed Trepic Credit is not restored to your balance — the cash portion is refunded under the Refund Policy and the redeemed promotional discount is treated as consumed, which is consistent with industry practice and prevents redemption loops. This is disclosed in the redemption confirmation at checkout and in the wallet entry for the booking.

17.6 Expiration

Trepic-issued Trepic Credit expires on the schedule described in the Refund Policy § 5 and any program summary then in effect. The V1 program does not impose an expiration on the loyalty balance; we expect to introduce an 18-month sliding expiration window (with at least one email and push reminder at 30 days before expiry) when the V2 program launches, in line with industry practice for promotional loyalty currency. Where the law of your jurisdiction requires a longer minimum validity period for promotional currency or treats certain credit as a gift card subject to a longer statutory validity, that longer period controls. Supplier-issued vouchers honor the validity period set by the issuing supplier at the time of mint.

17.7 Forfeiture on account closure or termination; right to delete

Trepic Credit may be forfeited in the following circumstances:

• Termination for cause. If Trepic suspends or terminates your account for cause under § 13 (including for breach of these Terms, fraud, abuse, sanctions designation, or repeated violations of the Community Guidelines), any unredeemed Trepic Credit on your account is forfeited as of the termination effective date and is not recoverable except as required by mandatory law.
• Voluntary account closure. If you close your account voluntarily (whether through account settings, by email to support@trepic.co, or by exercising a deletion right under § 9.2 (CCPA), GDPR Art. 17, or another applicable privacy law), any unredeemed Trepic Credit is forfeited at the end of the 30-day cooldown / final-redemption window described in the Privacy Policy § 9.7. During the cooldown window we will hold the deletion in pending status and give you the opportunity to redeem the credit on a final eligible booking; at the end of the window the account is finalized as deleted and any remaining credit lapses without right of recovery, monetary or otherwise. You expressly accept this forfeiture as a known and disclosed consequence of exercising the right to delete.
• Death of the account holder. Trepic Credit is non-transferable and does not pass by will, intestacy, or any other testamentary device.
• Long-term inactivity. If the account has been inactive for more than 24 months and we have given you advance notice as required by § 13, unredeemed Trepic Credit may lapse.

Lawyer TODO — explicit forfeiture acknowledgement at sign-up. The account-creation flow on trepic.app surfaces a single required checkbox accepting these Terms and the Privacy Policy, including this § 17. Lawyer to confirm whether the forfeiture-on-deletion clause is enforceable solely on Terms-of-Service acceptance, or whether a separate, near-time acknowledgement is required at the point a user submits a deletion request (i.e., a second confirmation in the deletion UX). Our default position is that ToS acceptance suffices, but we will adopt a near-time confirmation if counsel recommends.

17.8 Program changes; no contractual entitlement

The Trepic Credit program is a promotional benefit operated by Trepic at its discretion. Trepic may, at any time and on at least 14 days' notice by email or in-product banner (or such longer period as applicable law requires), modify the earn rates, redemption rules, redemption caps, expiry windows, eligible categories, attribution rules, tier definitions, and other program mechanics, in each case prospectively. Material reductions to balances already earned and unlocked will not be applied retroactively except where required by law or in response to fraud. The program does not create a contractual right to any particular earn rate, redemption value, or program continuation; it is honorific of an ongoing customer relationship and not a guaranteed benefit. Trepic may discontinue the program entirely on the notice period above, in which case existing unlocked balances will remain redeemable for a reasonable wind-down period (not less than 90 days, except in the case of program termination for fraud or legal cause) before lapsing.

17.9 Tax treatment

Trepic Credit you earn is generally a promotional discount on future Trepic services and, in Trepic's view, is not taxable income to you at the time of earning. Trepic does not provide tax advice. Depending on your jurisdiction and the form of the credit (for example, certain referral bonuses paid above statutory de-minimis thresholds), Trepic may be required to report payments to taxing authorities and to you (e.g., on a U.S. Form 1099-NEC where applicable). You are responsible for any tax obligation applicable to your participation in the program.

17.10 Disclaimer and limitation

Trepic Credit is provided "as is" and without warranty of any kind. To the maximum extent permitted by law, the disclaimers and liability caps in §§ 9 and 10 apply to disputes arising out of or relating to the Trepic Credit program, and your sole remedy for any failure of Trepic to honor a credit you reasonably believe is owed is a corresponding re-credit to your loyalty balance (not a cash payment) where Trepic determines, in good faith, that re-credit is appropriate.

18. Contact

Trepic, Inc. — a Delaware corporation.
support@trepic.co — general and booking support
legal@trepic.co — legal notices and arbitration opt-outs
privacy@trepic.co — privacy-specific inquiries
dpo@trepic.co — Data Protection Officer (EU/UK)
security@trepic.co — security and account-takeover reports
copyright@trepic.co — DMCA notices and counter-notices
brand@trepic.co — trademark complaints
trust@trepic.co — Trust & Safety and Community Guidelines reports
accessibility@trepic.co — accessibility concerns

Privacy Policy §

Version 2026.05.23-r4-DRAFT · Effective (pending lawyer review)

Trepic, Inc. ("Trepic," "we," "us," "our") respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, the rights you have, and how to exercise them. It covers trepic.co (our marketing site), trepic.app (the booking and trip-planning product, including the iOS Progressive Web App), trepicstories.com (our editorial site), our APIs, our emails, push notifications we send, and any other product or service that links to this policy (collectively, the "Services").

If you have any question or want to exercise your rights, contact us at privacy@trepic.co. EU/UK users may also contact our Data Protection Officer at dpo@trepic.co.

1. Quick summary

• We collect information you give us (account, traveler details, photos, reviews, payment info entered via our payment processor), information generated by your use of the Services (itineraries, Tria prompts, search history, push tokens), and limited technical metadata (device, IP, cookies, crash logs).
• We use it to provide the Services, complete bookings with third-party suppliers, personalize Tria's AI suggestions, prevent fraud, comply with law, and (with your consent) send marketing emails and push notifications.
• We do not sell your personal information. We do not "share" it for cross-context behavioral advertising as those terms are defined under the California CPRA.
• Trepic is a U.S.-incorporated company (Delaware). We accept international travelers and rely on the EU Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (where applicable) for transfers of EEA/UK personal data to the United States.
• You have rights — including access, correction, deletion, portability, opt-out, and (in California) the right to limit use of sensitive personal information — and we honor them under GDPR (EU/UK), CCPA/CPRA (California), LGPD (Brazil), PIPEDA (Canada), the Australia Privacy Act, and equivalent laws.
• We do not knowingly collect personal information from children under 13 (COPPA) or under 16 in the EEA/UK.

2. Information we collect

2.1 Information you give us

Account & profile. Name (display and legal), email address, password (stored hashed and salted by our authentication provider — we never see it), username, profile photo, bio, home location, language and currency preference, and (optional) date of birth, gender, and travel preferences. Authentication can be magic-link or email + password.

Traveler details for bookings. Full legal name(s) of every traveler in the party, date(s) of birth, gender (where required by the airline or operator), nationality, passport number, passport expiration, frequent-flyer or loyalty numbers, contact phone, dietary or accessibility requests, and emergency-contact information when required by the supplier. Some of this is considered "sensitive personal information" under CCPA/CPRA (passport number) and is collected only for the purposes of completing a specific booking.

Payment information. Payment-card details are entered directly into our PCI-DSS-compliant payment processor's secure payment elements and are not received or stored by Trepic. We receive only a tokenized reference (PaymentMethod ID), the card brand, last four digits, country, expiration month/year, and the result of the authorization. For hotel bookings we use a manual-capture pattern through the same processor.

Trip planning & Tria AI inputs. The prompts, preferences, dates, party-size, budget range, vibe selections, and free-text instructions you provide to Tria (our AI itinerary planner and conversational travel assistant). This is used to generate your itinerary, answer your follow-up questions, and surface place suggestions, and may be passed to third-party large-language-model providers (see § 5).

Imported inspiration content. If you use Tria's inspiration-import feature, the link you paste or the file you upload (such as a screenshot, photograph, or PDF) is processed by AI parsing services to extract a draft itinerary, places, and other structured fields. We retain the original input and the extracted draft against your account so you can review or re-process it; you can delete either at any time. See § 5 for the categories of service providers involved.

Location used for place suggestions. When you ask Tria for nearby restaurants, cafés, activities, or other points of interest, the approximate coordinates of the place you are asking about (such as a city, neighborhood, hotel, or itinerary stop), together with the search criteria you specify (such as meal, cuisine, or price tier), are sent to third-party place-data and review providers to surface real listings. We do not send your name, email, or other identifiers in those queries. Where you have not opted in to precise (GPS) geolocation, the coordinates are derived from the place name in your trip rather than your device.

Reflection prompts and journal entries. Short reflection prompts you ask Tria to schedule, the schedule time, the place each prompt is tied to, and any notes or reflections you save back into your trip journal. These are private to your account by default and travel with your trip; you can dismiss, edit, or delete them at any time.

Creator-program status. If you participate in the creator program, your creator-tier designation, any badges or status indicators displayed on your profile, and the activity metadata used to evaluate those designations (such as published-story counts, content categories, and program-compliance flags). See Terms § 8.3.

Loyalty and creator-attribution data. If you book through the Services or interact with creator stories on the Services, we collect and maintain: (a) your booking history (the bookings you have completed, their suppliers, categories, totals, and statuses, as already described in this § 2 and retained per § 8); (b) the trepic_attribution first-party cookie identifier, a randomly generated UUID set on your device when you visit the Services to determine which creator's story (if any) referred a subsequent booking — see § 7 and the Cookie Policy; (c) your Trepic Credit ledger, including each issue, unlock, redeem, void, expire, adjustment, and (where applicable) social-action bonus event tied to your account, with the booking, supplier-category, and earn-rate metadata necessary to reconcile the ledger; (d) your redemption patterns, including which bookings you applied credit to, the amount applied, and the resulting balance; and (e) any creator attribution snapshots linking a booking to the creator and story whose content drove it. The Trepic Credit ledger is append-only and is used to operate the loyalty program, calculate and disburse creator commissions, prevent fraud, and meet our accounting and audit obligations. Social-action bonuses (for example, post-trip review bonuses, trip-share milestones, referral bonuses, and group-trip bonuses) are a future ("V2") capability not active today; when they launch, the underlying data (your review submission, your share action, the referral linkage between you and another user) will be processed under this Privacy Policy.

Collections, trips, journals. The itineraries, day plans, saved experiences, journal entries, collections, and group-trip invitations you create.

User-Generated Content. Photos you upload, trip stories, captions, reviews, ratings, comments, and messages you send to other users or to suppliers via Trepic.

Communications. Email correspondence with support, in-product feedback, and survey responses.

Waitlist, creator, brand inquiries. Name, email, role, social handles, follower counts, niche, property name, region, and free-text pitch — collected via forms on trepic.co.

2.2 Information collected automatically

Device & technical metadata. Device type and model, OS and OS version, browser type and version, screen size, language, time zone, IP address, ISP/ASN, approximate location derived from IP (city-level only — we do not request GPS-precise location unless you explicitly opt in for trip-time navigation features), referring URL, and pages or screens viewed within the Services.

Usage data. Clicks, scroll depth, feature usage, errors and crashes, page-load timings, and interaction patterns with Tria and search.

Push-notification tokens. If you enable push notifications (web Push API on desktop, iOS PWA push on iOS 16.4+), we store the push subscription endpoint and keys associated with your account so we can send trip reminders, booking confirmations, group-trip messages, and (with consent) marketing notifications. You can revoke this at any time in your browser/OS settings or in /app/profile/settings.

Cookies and similar storage. See § 7 and our Cookie Policy. The marketing site sets only strictly-necessary cookies plus a consent-banner record. The app sets session cookies, an authentication cookie issued by our authentication provider, and PWA service-worker caches.

Email engagement. When we send you an email, our email-delivery provider may record open and click events using a tracking pixel and link wrapping. You can opt out of engagement tracking at any time at privacy@trepic.co.

SMS engagement. If you enroll in SMS notifications, our SMS provider records delivery status, opt-out responses (STOP/HELP), and message metadata. Carriers may charge standard message-and-data rates.

Regional context (country-from-IP). When you visit a Trepic page, we use your IP address to derive a two-letter country code (for example, US or JP) so that creators can see, in aggregate, where their stories resonate — never to identify you. We do not store your IP address; only the derived country code is associated with the attribution event. Creators see country breakdowns in their dashboard only when at least five readers from that country viewed the story (a privacy floor we apply in our reporting layer). This same country-from-IP derivation will also apply to the planned TikTok and Instagram OAuth-linked-account stats integration (see § 2.3): when a creator links a social account, the engagement metrics we retrieve will be associated with derived country codes under the same five-reader floor.

2.3 Information we receive from third parties

Suppliers and partners. Booking confirmations, e-tickets, voucher numbers, supplier reference IDs, hotel-room confirmations, flight PNRs, change/cancellation notices, and (where relevant) refund disposition from the travel inventory partners we use to source flights, hotels, and activities.

Payment processor. Authorization results, charge confirmations, refund status, dispute and chargeback notices, and fraud-risk signals from our payment processor.

Single sign-on / referrals. If you sign in with a third-party identity provider (when offered) or are invited by another user, we receive your name, email, and the inviter's referral context.

2.4 Sensitive personal information

For purposes of CCPA/CPRA we may process the following categories of "sensitive personal information" ("SPI"): precise geolocation (only if you opt in for trip-time navigation), government identifiers (passport number) for bookings that require them, and account-access credentials (in hashed form). We do not collect biometric identifiers, health data (other than dietary/accessibility requests you choose to share), racial or ethnic origin, religious beliefs, sexual orientation, or union membership.

Limits on use of SPI. We use SPI only for the purposes permitted under CPRA § 1798.121(a) — namely, to provide the goods or services you requested, to prevent and investigate security incidents and fraud, to ensure physical safety, to perform internal short-term and transient processing, and to verify or maintain the quality of the Services. We do not use SPI to infer characteristics about you, to profile you for advertising, or for any other purpose without first providing the disclosures and opt-in required by law. California residents have the right to limit our use of SPI under § 9.2.

Photo metadata (EXIF). Photos you upload may contain embedded metadata such as GPS coordinates, device model, and capture time. To protect your location privacy, we strip GPS and other sensitive EXIF fields from uploaded photos before storing or displaying them. We may retain non-sensitive metadata (orientation, color profile) needed to render the image correctly. You may request your original, unstripped file from privacy@trepic.co at any time.

3. How we use your information

Automated decision-making (GDPR Art. 22). Tria's recommendations are generated by large-language models, but they are not decisions that produce legal or similarly significant effects on you within the meaning of GDPR Article 22. You always have the choice to accept, edit, or discard Tria's suggestions; nothing is booked automatically without your explicit confirmation. You always have the right to obtain human intervention by contacting support@trepic.co.

3.1 AI processing transparency (Tria)

When you interact with Tria, your prompt — together with limited account context (home location, language, currency, prior trip themes, and party-size constraints you have stated) — is sent to one or more third-party large-language-model providers for inference. We require these providers, by contract, not to use your content to train their underlying foundation models, and we configure zero-data-retention or short-retention modes where commercially reasonable. We retain your Tria prompts and responses, linked to your account, for up to 24 months for product improvement, safety review, and abuse investigation; de-identified evaluation pairs may be retained longer. You can request earlier deletion by emailing privacy@trepic.co.

3.2 Inference of preferences

We may infer preferences from your stated interactions (e.g., "tends to favor boutique stays," "prefers walkable city itineraries," "interested in mountain destinations") to improve recommendations and personalize Tria. These inferences are used only inside the Services for your benefit. We do not sell or share these inferences for advertising. You may request that we stop drawing such inferences or that we delete existing inferences by emailing privacy@trepic.co.

3.3 No cross-context behavioral advertising

We do not engage in cross-context behavioral advertising, do not sell personal information, and do not "share" personal information for cross-context behavioral advertising as those terms are defined under the California CPRA. If this ever changes, we will (i) update this Privacy Policy at least 14 days before any such processing begins, (ii) provide a working Do Not Sell or Share My Personal Information mechanism, and (iii) re-obtain consent where required.

4. Legal bases (EEA, UK, Switzerland)

We rely on one or more of the following bases under Article 6 of the GDPR:

• Performance of a contract (Art. 6(1)(b)) — providing the Services you have signed up for, completing bookings you initiate, processing payments, sending booking confirmations and trip-management communications, evaluating creator and partnership applications.
• Consent (Art. 6(1)(a)) — marketing emails, push notifications, SMS, optional analytics cookies, precise geolocation for trip-time navigation, and any free-text fields where you choose to share special-category data. You can withdraw consent at any time without affecting prior lawful processing.
• Legitimate interests (Art. 6(1)(f)) — security, fraud and abuse prevention, debugging, network and information security, aggregated product analytics, defending legal claims, internal administration, and direct marketing of similar Trepic services to existing customers (soft opt-in, where permitted). We balance these interests against your rights and freedoms in a documented Legitimate Interests Assessment, available on request.
• Legal obligation (Art. 6(1)(c)) — responding to data-subject requests, complying with tax and accounting rules, retaining records for the periods required by law, and responding to lawful regulatory, court, or government requests.
• Vital interests (Art. 6(1)(d)) — in rare cases, sharing limited information with emergency services or supplier on-site staff if necessary to protect life or health.

For special-category data (GDPR Art. 9) — dietary or accessibility information you provide to a supplier, for example — our basis is your explicit consent (Art. 9(2)(a)) or, where applicable, the establishment, exercise, or defense of legal claims (Art. 9(2)(f)).

4.1 Legal bases for the Trepic Credit loyalty program and the trepic_attribution cookie

We rely on the following bases for loyalty-program and creator-attribution processing:

• Consent (Art. 6(1)(a)) — for the trepic_attribution first-party cookie. The trepic_attribution cookie is not strictly necessary to provide the Services (you can browse, plan, and book without it). EEA/UK/Swiss visitors are asked for prior opt-in consent through the cookie banner before the cookie is set, in line with Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC) as transposed nationally. You can withdraw consent at any time through the in-product cookie-preferences control (see the Cookie Policy § 5), and withdrawing consent will not affect your ability to use the Services. If you do not consent, no attribution cookie is set and no creator-attribution event is recorded for your visit; you remain able to book, earn loyalty credit on eligible bookings, and use every feature of the Services.
• Legitimate interests (Art. 6(1)(f)) — for loyalty-program operations. Operating the Trepic Credit ledger (issuing, unlocking, redeeming, voiding, expiring, and auditing credit), calculating creator commissions, defending against fraud and abuse, meeting ASC 606 and analogous accounting requirements for deferred revenue, and producing the audit trail necessary to respond to regulator, tax, and audit requests. Where you are an EEA/UK/Swiss data subject, our balancing test is summarized below:
  • Purpose / necessity. A reliable, append-only loyalty and commission ledger is necessary to honor the promotional rewards we promise to travelers, to pay creators correctly, to defend against duplicate or fraudulent redemption, and to meet our financial-accounting obligations. There is no less-intrusive alternative that delivers the same benefit.
  • Data minimization. We process only the minimum data required to operate the ledger: account identifier, booking identifier, event type, amount, supplier-category source, earn-rate snapshot, and timestamps. We do not enrich the ledger with marketing-profiling data, do not share it with advertising networks, and do not use it to make decisions producing legal or similarly significant effects on you (GDPR Art. 22). Loyalty-redemption inferences are used only inside the Services for your benefit.
  • Reasonable expectation. A traveler who joins a free loyalty program reasonably expects the operator to maintain a ledger of their balance and redemption history. The processing is consistent with that expectation.
  • Impact on you. Low. The data is contractual and operational, retained per the schedule in § 8, and access is restricted by role under our admin-RBAC controls. We do not sell or "share" loyalty data and do not use it for cross-context behavioral advertising (§ 3.3).
  • Safeguards. Append-only event ledger; admin actions are audit-logged; access is least-privilege; deletion requests are honored per § 9.7 (with the disclosed forfeiture consequence); transparency through this Privacy Policy and the loyalty-program terms at Terms § 17; right to object under Art. 21 (see § 9.1).
  • Conclusion. The legitimate interest of operating an accurate loyalty ledger and paying creators correctly is not overridden by the data-subject's interests, rights, or freedoms, particularly given the disclosed forfeiture-on-deletion mechanic and the right to object.
  A copy of the full Legitimate Interests Assessment is available on request to dpo@trepic.co.
• Performance of a contract (Art. 6(1)(b)) — to redeem credit on a booking you initiate. When you elect to apply Trepic Credit at checkout, processing the redemption against your booking is necessary to perform the booking contract you have requested.
• Legal obligation (Art. 6(1)(c)) — for record retention. Loyalty-ledger and commission-ledger records are retained for the periods set by applicable tax, accounting, and consumer-law rules (see § 8), and to respond to lawful audit, regulator, or court requests.

Right to object (Art. 21). You may object at any time to legitimate-interest processing of your loyalty data by emailing privacy@trepic.co. Upholding an objection generally means your account stops accruing further Trepic Credit and we cease using your ledger data for non-essential analytics; the existing ledger continues to be retained to the extent required by law and to defend legal claims.

5. How we share your information

5.1 Categories of service providers

We engage third-party service providers to process personal information on Trepic's behalf, under written data-processing agreements that require confidentiality, appropriate security, and use of the data only on Trepic's documented instructions. We use providers in the following categories:

An up-to-date list of specific service providers in each category — together with their location and the cross-border transfer mechanism that applies — is available upon request to privacy@trepic.co. We may add or replace service providers; where required, we will update this policy and provide notice (via the version history at the foot of this page) at least 14 days before the change takes effect, giving you a meaningful opportunity to object.

5.2 Suppliers (independent controllers)

When you complete a booking, Trepic acts as a booking agent and shares the personal data required to complete that booking with the underlying supplier (the hotel, airline, or activity operator) and the distribution platform we use to reach them. The supplier becomes an independent controller of that data and processes it under its own privacy policy, which we encourage you to review before booking.

5.3 Business transfers

If Trepic is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your personal information may be transferred. We will notify you and give you a meaningful choice where required by law.

5.4 Legal and safety

We may disclose information when we believe in good faith that disclosure is required by law, court order, or governmental request, or is necessary to protect the rights, property, or safety of Trepic, our users, our suppliers, or the public, or to investigate suspected fraud or violations of our Terms.

5.5 We do not sell or "share" your data

We do not sell your personal information for money. We do not "share" your personal information for cross-context behavioral advertising as those terms are defined under California's CPRA. We have not done so in the preceding twelve months and have no plans to start. If this ever changes, we will update this policy, provide a Do-Not-Sell-or-Share mechanism, and re-obtain consent where required.

6. International data transfers

Trepic is incorporated in the United States, and most of our sub-processors are headquartered there. If you are located in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction whose laws restrict transfers of personal data to the United States, we rely on one or more of the following transfer mechanisms:

• the European Commission's Standard Contractual Clauses (2021 SCCs), Modules 1, 2, and 3 as applicable, with the UK Addendum and the Swiss-specific addenda where required;
• the EU-U.S. Data Privacy Framework, the UK-U.S. Data Bridge, and the Swiss-U.S. Data Privacy Framework, for sub-processors that are self-certified to those frameworks;
• where neither is available for a particular transfer, your explicit, informed consent or the necessity of the transfer for performance of our contract with you (GDPR Art. 49(1)(a) and (b));
• supplementary safeguards including TLS 1.2+ encryption in transit, AES-256 encryption at rest, role-based access controls, encryption-key management, transfer-impact assessments, and a documented response protocol for governmental access requests.

A copy of the SCCs and our transfer-impact assessment for a specific sub-processor is available on request at dpo@trepic.co.

7. Cookies and tracking

We use cookies and similar storage technologies (localStorage, sessionStorage, service-worker caches) in three categories. Categories that are not strictly necessary are loaded only after your consent.

For full detail and to change your choices, see our Cookie Policy. We honor Global Privacy Control (GPC) and "Do Not Track" signals as a request to opt out of analytics and any future targeted advertising.

8. How long we keep your information

You can ask us to delete your information at any time, subject to limited exceptions (for example, where we must keep records to comply with law, to defend legal claims, or to complete a transaction you initiated).

9. Your rights

9.1 GDPR (EEA, UK, Switzerland)

Under the EU/UK General Data Protection Regulation you have the following rights:

• Access (Art. 15) — confirmation of whether we process your data and a copy of it;
• Rectification (Art. 16) — correction of inaccurate or incomplete data;
• Erasure / "right to be forgotten" (Art. 17) — deletion in defined circumstances;
• Restriction of processing (Art. 18);
• Data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format and transmit it to another controller;
• Object (Art. 21) — to processing based on legitimate interests, including for direct marketing (which we will always honor unconditionally);
• Not be subject to solely-automated decisions with legal or similarly significant effects (Art. 22) — Tria does not make such decisions;
• Withdraw consent at any time, without affecting prior lawful processing;
• Lodge a complaint with your supervisory authority — e.g., the UK Information Commissioner's Office (ICO), the Irish Data Protection Commission (DPC), the French CNIL.
• Loyalty-balance forfeiture is a known consequence of erasure. If you exercise the right to erasure (Art. 17), any unredeemed Trepic Credit on your account is forfeited at the end of the 30-day cooldown / final-redemption window described in § 9.7. By submitting an erasure request you affirmatively accept this consequence, which is independently described in Terms § 17.7. You may redeem any unlocked Trepic Credit on a final eligible booking during the cooldown window; we will not unlock additional credit during the window.

9.2 California (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know the categories and specific pieces of personal information we have collected about you, the sources, the business or commercial purpose, and the categories of third parties with whom we share it;
• Delete personal information we have collected from you, subject to permitted exceptions;
• Correct inaccurate personal information;
• Opt out of the sale or sharing of personal information (we do neither — see § 5.5);
• Limit the use and disclosure of Sensitive Personal Information to that necessary to provide the Services you requested;
• Non-discrimination — we will not deny service, charge different prices, or provide a different level of quality because you exercised any of these rights;
• Designate an authorized agent to make a request on your behalf (we will require proof of authorization).
• Loyalty-balance forfeiture is a known consequence of deletion. If you submit a "right to delete" request and we are not subject to one of the exceptions in Cal. Civ. Code § 1798.105(d), any unredeemed Trepic Credit on your account is forfeited at the end of the 30-day cooldown / final-redemption window described in § 9.7. We do not treat this forfeiture as discriminatory under § 1798.125 because Trepic Credit is a promotional discount tied to an ongoing customer relationship, not a fee charged for the exercise of a privacy right; the credit is non-transferable, has no cash value, and is forfeited under the same disclosed program rules that apply to any other account closure (see Terms § 17.7). You may redeem any unlocked credit on a final eligible booking during the cooldown window; we will not unlock additional credit during the window. By submitting a deletion request, you affirmatively accept this consequence.

You may submit a "Do Not Sell or Share My Personal Information" request at § DNSMPI even though we do not sell or share — it is honored either way. We also honor Global Privacy Control signals as a valid opt-out.

CCPA categories of personal information collected that relate to the Trepic Credit program (added r4): "Commercial information" (Cal. Civ. Code § 1798.140(v)(1)(D)) — including your booking history, loyalty-ledger entries (issued, unlocked, redeemed, voided, expired, adjusted, and social-action bonus events), and redemption patterns; and "Internet or other electronic network activity information" (§ 1798.140(v)(1)(F)) — including the trepic_attribution first-party cookie identifier and creator-attribution events derived from it. Trepic does not sell or share these categories for cross-context behavioral advertising, has not done so in the preceding 12 months, and has no plans to start (see § 5.5). The business purposes for which we collect these categories are the loyalty-program-operations purposes listed in § 4.1.

9.2A California "Shine the Light" (Cal. Civ. Code § 1798.83)

California residents may once per year request a notice describing the categories of personal information we shared with third parties for those third parties' direct-marketing purposes in the prior calendar year, and the names and addresses of those third parties. We do not share personal information with third parties for their direct-marketing purposes. If this ever changes, we will update this notice. To request a Shine the Light notice, email privacy@trepic.co with the subject line "California Shine the Light Request."

9.2B Nevada (NRS § 603A.340)

Nevada residents have the right to direct certain operators not to "sell" their covered personal information to other persons. As described in § 5.5, Trepic does not sell personal information. To submit a Nevada opt-out request out of an abundance of caution, email privacy@trepic.co with the subject line "Nevada Opt-Out" and include your name, account email, and the email address you would like associated with the request.

9.2C Other U.S. state laws (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Indiana, Tennessee, Iowa, Delaware, New Jersey, New Hampshire, and others)

Residents of these states have rights similar to those above, including access, deletion, correction, portability, and opt-out of targeted advertising, sale, and certain profiling. We honor these rights under the applicable state's law. Submit a request at privacy@trepic.co.

9.3 Brazil (LGPD)

Data subjects in Brazil have the right to: confirmation of processing and access; correction of incomplete, inaccurate, or outdated data; anonymization, blocking, or deletion of unnecessary or non-compliant data; portability; deletion of data processed with consent; information about entities with whom we have shared data; information about the option to refuse consent; and to revoke consent.

9.4 Canada (PIPEDA)

You may request access to your personal information, challenge its accuracy, and ask us to correct it.

9.5 Australia (Privacy Act 1988)

You may request access to and correction of your personal information held by us under Australian Privacy Principles 12 and 13.

9.6 How to exercise your rights

Email privacy@trepic.co or use the form at § DNSMPI. We will verify your identity (typically by replying to the email address on file) and respond within 30 days. There is no charge for reasonable requests.

9.7 Loyalty-program data and the right to delete

This § 9.7 explains how the Trepic Credit loyalty ledger interacts with your right to delete or erase personal information (CCPA / CPRA § 1798.105; GDPR Art. 17; and analogous rights under other applicable privacy laws). The substantive program terms live at Terms § 17.7; this section describes the privacy-side mechanics.

What we hold

For each Trepic account, the loyalty ledger holds an append-only sequence of events (issued, unlocked, redeemed, voided, expired, adjusted, and, in V2, social-action bonus events) keyed to your account identifier and the underlying booking identifier. Each event records the amount, the supplier-category source, the earn-rate snapshot, and the timestamp. The ledger is the system-of-record for your balance, for creator commission calculations, and for our ASC 606 deferred-revenue reporting.

30-day cooldown / final-redemption window

When you submit a deletion or erasure request that would close your account, we apply a 30-day cooldown / final-redemption window before the deletion is finalized. The window begins on the date we acknowledge your request (after identity verification per § 9.6). During the window:

• your account remains active for the limited purpose of letting you redeem any unlocked Trepic Credit on a final eligible booking;
• we do not issue further marketing communications to you and do not surface your profile or content to other users;
• we do not unlock any additional credit during the window (locked credit remains locked);
• you may cancel the deletion request at any time before the window ends by replying to the verification email.

At the end of the window, we (a) finalize the deletion of personal information not subject to a legal-retention exception, (b) forfeit any remaining unredeemed Trepic Credit as a disclosed consequence of program participation (see Terms § 17.7), and (c) retain anonymized ledger metadata necessary to defend the integrity of the ledger and meet ASC 606, tax, and audit requirements. Anonymized retention is not personal information about you for purposes of this Policy.

Industry context (Marriott / Hilton / airline-program comparable practice)

The cooldown / final-redemption pattern is consistent with industry-standard loyalty-program practice (used, among others, by Marriott Bonvoy, Hilton Honors, and major airline programs) and is intended to give you a meaningful opportunity to use your balance before deletion completes — not to deter you from exercising your privacy rights.

What gets deleted vs. what is retained

Where mandatory law (for example, a state gift-card statute that we believe does not apply but which a court or regulator later applies to Trepic Credit) requires cash payout of an unredeemed balance, we will honor that mandatory law and the forfeiture rule will yield to the extent required.

10. Children's privacy

The trepic.app booking product is not directed to children. We do not knowingly collect personal information from children under 13 (United States — COPPA, 15 U.S.C. §§ 6501–6506), under 16 in the EEA, the UK, Switzerland, or other GDPR-aligned jurisdictions, or in any case below the applicable digital-consent age of the user's jurisdiction. The minimum age to book travel through Trepic is 18. Some editorial content on trepicstories.com may be accessed by readers age 13 and older, but creating an account or providing personal information requires meeting the age threshold above.

No advertising or profiling of children. We do not use any data we may inadvertently receive from a child to advertise to, profile, or target the child, and we do not knowingly sell or share any child's personal information for any purpose.

Parental remedies. If you are a parent or legal guardian and believe we have collected information from a child below the applicable threshold, contact privacy@trepic.co. We will (a) verify your status as the parent or legal guardian (typically by reasonable means appropriate to the request); (b) delete the child's personal information from our active systems within 30 days; (c) refuse further collection; and (d) terminate any associated account. You may also review the information we hold and refuse to permit our further collection.

NCMEC reporting. Trepic reports apparent child sexual exploitation to the National Center for Missing & Exploited Children ("NCMEC") under 18 U.S.C. § 2258A and cooperates with law enforcement. We deploy commercially reasonable child-safety detection, including, where applicable, hash-matching against known CSAM hash sets, on User Content surfaces. Accounts associated with such conduct are terminated permanently.

California minors right of removal (Cal. Bus. & Prof. Code § 22581). If you are a California resident under 18 who has posted User Content on the Services, you have the right to request removal of that content. Email privacy@trepic.co with details. Removal does not ensure complete or comprehensive removal of the content from the internet (for example, where another user has re-shared it).

11. Security

We maintain a written information-security program reasonably designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Measures include:

• TLS 1.2+ encryption in transit; AES-256 encryption at rest for our primary databases;
• password hashing (bcrypt / Argon2 via our authentication provider); HMAC-signed session cookies; SameSite + Secure attributes; CSRF protection;
• tokenization of payment-card data at our payment processor (we never receive raw card numbers);
• server-side input validation; parameterized queries; strict Content-Security-Policy;
• per-IP rate limiting and edge bot mitigation;
• role-based, least-privilege access controls; multi-factor authentication for staff; audit logs;
• quarterly secret rotation; periodic third-party penetration testing;
• vendor-security review for all sub-processors before onboarding.

No system can guarantee absolute security. If you become aware of a vulnerability, please email security@trepic.co.

12. Breach notification

If we determine that a personal-data breach has occurred that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware (GDPR Art. 33) and, where the breach is likely to result in a high risk to you, we will notify you directly without undue delay (GDPR Art. 34). U.S. residents will receive notice in accordance with applicable state breach-notification laws.

13. Changes to this policy

If we make material changes, we will post the updated policy here, increment the version number, update the "Last updated" date, and (where required) notify you by email or via a prominent in-product notice at least 14 days before the change takes effect.

Version history.

• 2026.05.23-r4-DRAFT — Loyalty program + creator-attribution updates (pending outside-counsel review). New disclosures in § 2.1 (loyalty + attribution data, including the trepic_attribution first-party cookie, the Trepic Credit ledger, redemption patterns, and the V2-future social-action bonuses); new § 4.1 (Art. 6(1)(a) consent basis for the attribution cookie and Art. 6(1)(f) legitimate-interest basis for loyalty-program operations, with documented balancing test); new service-provider row in § 5.1 for payment & loyalty processing; loyalty-balance-forfeiture sub-bullets added to the GDPR and CCPA right-to-erasure / right-to-delete lists; new § 9.7 (Loyalty-program data and the right to delete) with 30-day cooldown / final-redemption window and what-gets-deleted-vs-retained table; new CCPA category disclosure for commercial information (booking history, ledger, redemption patterns) and electronic-network-activity information (attribution cookie identifier). Mirrors Terms r4 (new § 17 Loyalty / Trepic Credit and the § 2.1 18+/COPPA restatement) and the Cookie Policy update classifying trepic_attribution as Functional with EU opt-in / US opt-out.
• 2026.05.22-r3 — Coverage updates for new product capabilities: place-data and review providers added as a service-provider category (§5.1) for Tria's location-based recommendations; expanded §2.1 to disclose imported inspiration content (links and files), location coordinates used for place suggestions, scheduled reflection prompts and saved reflections, and creator-program status (tier/badges); AI/ML category broadened to cover conversational responses and inspiration-import parsing. Mirrors Terms r3 (§§ 6.6–6.9 and 8.3 creator-program clause).
• 2026.05.18-r2 — "Ironclad" expansion: added AI-processing transparency (Tria §3.1), inference-of-preferences (§3.2), no-cross-context-behavioral-advertising commitment (§3.3), strengthened Sensitive Personal Information limits and EXIF stripping (§2.4), strengthened children's-privacy section with NCMEC reporting and California minors right of removal (§10), California Shine the Light (§9.2A), Nevada SB 220 (§9.2B), expanded state-law coverage (§9.2C), cross-links to new policies (Community Guidelines, DMCA, Trust & Safety, Accessibility, CA Privacy Notice).
• 2026.05.18 — Comprehensive rewrite to cover the trepic.app booking product, full sub-processor list, GDPR Articles 15-22, CCPA/CPRA sensitive-PI handling, and U.S. state-law coverage.
• 2026.04.29 — Initial public version covering the trepic.co marketing site only.

14. Contact

Trepic, Inc. — a Delaware corporation.
Privacy contact: privacy@trepic.co
Data Protection Officer (EU/UK): dpo@trepic.co
Security reports: security@trepic.co
Mail: c/o the registered agent in Delaware (full address available on request).

If you are in the EEA, UK, or Switzerland and we have not designated an Article 27 representative, you may direct correspondence to the addresses above. We will appoint a representative if and when we are required to do so.

Refund Policy §

Effective May 17, 2026

This Refund Policy explains when and how Trepic issues refunds for bookings made through the Services. It is part of our Terms of Service; capitalized terms not defined here have the meanings given in the Terms.

Trepic is a booking agent. Every booking is governed by the underlying supplier's own cancellation and refund rules, which you see and accept at checkout. This page summarizes how those rules flow through Trepic and how our operations team handles refunds in practice.

1. The short version

• Refundability depends on the rail (hotel, flight, activity) and on the specific rate or fare you chose.
• You will always see the cancellation deadline and refundability terms on the booking screen before you confirm.
• Refunds are returned to your original payment method. Trepic Credit and vouchers go back to your Trepic Credit balance, not to your card.
• Trepic refunds the amount paid to Trepic. Card-issuer foreign-transaction fees and currency-conversion losses are not refundable by us.
• If something goes wrong, write to support@trepic.co within 30 days. We respond within 2 business days.

2. Hotels (booked via LiteAPI)

2.1 Refundable rates

If you book a refundable hotel rate, you receive a full refund when you cancel before the supplier's cancellation deadline. The deadline is set by the hotel (typically 24 to 72 hours before check-in, but it can vary by property and rate) and is shown on the booking screen and in your confirmation email.

Cancellations after the deadline are not refundable. No-shows are treated as cancellations after the deadline.

2.2 Non-refundable rates

If you book a non-refundable rate, no refund is available. These rates are clearly flagged on the booking screen and in the confirmation. They are typically discounted in exchange for the non-refundable terms.

2.3 Partial stays

Partial-night cancellations are not supported. You can cancel the full booking; you cannot shorten it through Trepic after confirmation. Contact the property directly if you need to shorten an in-progress stay (their refund policy will apply).

2.4 Refund timeline

Once Trepic receives the supplier's confirmation of cancellation, refunds are issued via Stripe to your original payment method within 5 to 10 business days. Your bank may take additional time to post the credit.

3. Flights (booked via Duffel)

3.1 Fare rules apply

Flight refundability is set by the operating airline's fare rules, which you see and accept at checkout. In general:

• Refundable fares — full refund minus any airline-imposed cancellation fee.
• Non-refundable fares — typically forfeited; in some cases, the airline may offer a credit or voucher in lieu of refund.
• Changes — many fares allow changes for a fee plus any fare difference; some do not. The fare rules are authoritative.

3.2 Airline-initiated changes

If the airline cancels your flight or makes a significant schedule change, you are entitled to the airline's involuntary-refund or rebooking remedies. Trepic will assist you in invoking them, but the refund is issued by the airline through Duffel.

3.3 Refund timeline

Flight refunds are airline-dependent and typically arrive within 7 to 21 business days after the airline approves the refund. Trepic does not control airline processing time.

3.4 Ancillaries and taxes

Seat selections, baggage, and other ancillaries follow their own refund rules. Unrecoverable government taxes and airline service fees may be retained by the airline even on refundable fares.

4. Activities and experiences (booked via Bokun)

4.1 Standard policy

Most Bokun activities are refundable when cancelled at least 24 hours before the activity start time, per Bokun's MVP supplier policy. The exact cancellation window is set by each operator and shown on the booking screen.

4.2 Non-refundable experiences

Some operators offer non-refundable experiences (for example, limited-capacity culinary classes or private guides). These are clearly flagged at booking.

4.3 Operator-issued cancellations

If the operator cancels (weather, undercapacity, equipment failure, force majeure), you receive a full automatic refund to your original payment method.

4.4 Viator affiliate links

Activities you reach via affiliate links to Viator are booked directly with Viator under Viator's terms; refunds are issued by Viator, not Trepic.

5. Trepic Credit and vouchers

• Earned credit (for example, credit issued as a goodwill gesture or earned through a referral or promotion) is not refundable to a payment card, but can be applied to future bookings.
• Expiration. Trepic-issued goodwill credit (referral bonuses, support make-goods, beta-contest awards, and similar) expires 12 months from the date of issuance, unless an earlier expiration date is shown at issuance. LiteAPI-backed vouchers honor the expiration shown at issuance (typically 30–365 days, set by LiteAPI's validity_end).
• Promotional vouchers are subject to the terms shown at issuance, including any expiration date (validity_end). Once a voucher expires, it cannot be reinstated except at Trepic's discretion.
• When a booking paid with Trepic Credit is cancelled and qualifies for a refund, the credit is returned to your Trepic Credit balance — not to a payment card.
• Trepic Credit has no cash value and is non-transferable. Where required by applicable consumer law (for example, certain U.S. state gift-card laws or EU rules), statutory rights override the foregoing.

6. Operator-issued refunds and goodwill

Trepic operations may issue partial or full refunds at their discretion as a goodwill gesture, even for nominally non-refundable bookings, in cases such as:

• service errors caused by Trepic or its booking systems;
• double-bookings;
• verified safety or accessibility failures by the supplier;
• genuine extenuating circumstances (subject to documentation).

Goodwill refunds are not a right and are decided case-by-case. We track them internally to keep them consistent.

7. What Trepic refunds vs. what the supplier refunds

To keep this transparent:

• Trepic refunds the amount you paid to Trepic for the cancelled booking, in the original payment currency, to the original payment method.
• Trepic does not refund: card-issuer foreign-transaction fees, currency-conversion spread imposed by your bank, third-party booking fees not paid to Trepic, or supplier-side change fees retained by the supplier.
• Where the airline, hotel, or operator retains a fee per its own rules, only the net amount actually returned to Trepic is refunded onward to you.

8. Disputes

1. Write to support@trepic.co within 30 days of the incident with your booking reference and a description of the issue.
2. We respond within 2 business days.
3. If we cannot resolve the issue, you have the right to file a chargeback with your card issuer or open a dispute with Stripe. We ask that you give us the first attempt — chargebacks lock our funds and slow resolution for everyone.
4. Unresolved disputes are governed by § 14 of the Terms of Service.

9. EU and UK consumers

If you are a consumer resident in the European Economic Area, the United Kingdom, or Switzerland, your statutory rights apply in addition to (and where in conflict, in place of) this Refund Policy. Note that under EU Directive 2011/83/EU and the UK Consumer Contracts Regulations 2013, the statutory 14-day cooling-off period for distance contracts does not apply to most travel, accommodation, transport, and leisure-service bookings tied to a specific performance date — supplier cancellation terms govern.

10. Changes to this policy

We may update this Refund Policy from time to time. The "Last updated" date above reflects the latest revision. Material changes are announced in line with § 12 of the Terms of Service. The policy in effect at the time you made a booking continues to govern that booking.

11. Contact

Trepic, Inc.
support@trepic.co — booking and refund support
legal@trepic.co — legal notices
Response time: within 2 business days

Cookie Policy §

Effective April 29, 2026

This Cookie Policy explains what cookies and similar storage technologies Trepic, Inc. ("Trepic") uses on trepic.co, trepic.app, and trepicstories.com (the "Services"), and your choices about them. It supplements our Privacy Policy.

1. What cookies are

A cookie is a small text file that a website stores on your device. It lets the site remember things across pages and visits — for example, that you're logged in. Local storage and session storage are similar browser-level mechanisms.

Cookies set by the site you're visiting are called first-party cookies. Cookies set by an embedded service from another domain are third-party cookies. Cookies are also categorized by purpose:

• Strictly necessary — required for the site to function (e.g., session, security, load balancing). These cannot be switched off.
• Functional — remember your preferences (e.g., language, your cookie-banner choice).
• Analytics — help us understand how the site is used.
• Marketing / advertising — used to deliver or measure ads, often by third parties.

2. Cookies and similar storage we use

The public marketing site (trepic.co) is intentionally lean. We do not run Google Analytics, Meta Pixel, LinkedIn Insight, TikTok Pixel, or any other third-party analytics or advertising tag.

How we collect consent for the trepic_attribution cookie. EEA, UK, and Swiss visitors are shown the cookie banner before any Functional or Analytics category is loaded, and the attribution cookie is set only after an affirmative "Accept" choice (ePrivacy Directive Art. 5(3); see Privacy Policy § 4.1). Visitors in the U.S. (and other CCPA-aligned jurisdictions) see a banner offering an explicit opt-out; the attribution cookie may be set on first visit pending the opt-out choice, and is removed if the user opts out or sends a Global Privacy Control signal. You can change your choice at any time using the "Open cookie preferences" button below or by clearing browser storage for trepic.co and reloading. Declining the attribution cookie does not affect your ability to browse, plan, or book on Trepic; you can still earn Trepic Credit on eligible non-referred bookings.

That's it. No analytics. No advertising. No social-media tracking pixels.

If we add any analytics or marketing tags in the future, we will update this page and update the cookie banner so you can choose whether to allow them before they are set.

3. Third-party cookies on the Services

We do not knowingly load third-party cookies on the public marketing site. A small number of third-party assets (Google Fonts, Unsplash images, the Babel/React CDN at unpkg.com) are requested over the network when you visit. These services do not, to our knowledge, set persistent cookies on font/image/script delivery, but they receive your IP address and basic request metadata as a normal part of the HTTP request, governed by their own privacy policies.

4. Cookies in our emails

Marketing and transactional emails sent through our provider (Resend) include a small tracking pixel and may rewrite outbound links so that we can see whether the email was opened and which links were clicked. This is not a cookie on the Services, but it is a similar tracking technology. You can disable image loading in your email client to suppress the pixel, and you can ask us to stop tracking your email engagement at any time at privacy@trepic.co.

5. Your choices

5.1 Cookie banner

On your first visit, our cookie banner asks for your choice. You can:

• Accept all — allow all categories. Today, this is functionally the same as the strictly-necessary baseline because we do not currently set analytics or marketing cookies.
• Reject all — only strictly-necessary storage will be used.
• Customize — toggle individual categories.

Your choice is stored in localStorage under the key trepic_cookie_consent_v1. To change your choice later, click the button below or clear your browser storage for trepic.co and reload the page.

5.2 Browser controls

All major browsers let you block all cookies, block third-party cookies, delete existing cookies and storage, or be prompted before a cookie is set. Search your browser's help for "manage cookies" — the controls are typically under Settings → Privacy.

5.3 Global Privacy Control (GPC)

We honor the Global Privacy Control signal as a valid opt-out of any "sale" or "sharing" of personal information for cross-context behavioral advertising under California law. We do not currently engage in such sharing in any case.

5.4 Do Not Sell or Share

California residents (and anyone else) may submit a Do Not Sell or Share request at § DNSMPI.

6. Updates

We may update this Cookie Policy from time to time. The "Last updated" date reflects the most recent change.

7. Contact

Questions? Email privacy@trepic.co.

Do Not Sell or Share My Information §

Effective April 29, 2026 · Use this form for any data-rights request

Trepic does not sell personal information and does not share it for cross-context behavioral advertising. We don't run Google Analytics, Meta Pixel, LinkedIn Insight, or any third-party marketing tag on our public site. You can read the details in our Privacy Policy and Cookie Policy.

This form is the public exercise channel for the rights granted by:

• CCPA / CPRA (California) — right to know, delete, correct, opt-out of sale or sharing, limit use of sensitive personal information.
• GDPR / UK GDPR (EEA, UK, Switzerland) — access, rectification, erasure, restriction, portability, objection, withdrawal of consent.
• LGPD (Brazil) — confirmation, access, correction, anonymization, portability, deletion.
• PIPEDA (Canada) — access, accuracy challenge.
• Australia Privacy Act — access and correction under the Australian Privacy Principles.
• Equivalent rights under other applicable privacy laws.

Submit a request

We'll respond within 30 days. We may ask you to verify your identity (typically by replying from the email address associated with the data) — this is required by law to protect you from impersonation requests.

Authorized agents

You may designate an authorized agent to submit a request on your behalf. The agent must provide written authorization, and we will verify with you directly before acting on the request.

Other contact channels

You can also email privacy@trepic.co directly. Postal mail (for EEA / UK / California formal notices): see the Privacy Policy.

Non-discrimination

We will not discriminate against you for exercising any of your privacy rights — for example by denying you our services, charging different prices, or providing a different level of quality.

Community Guidelines §

Version 2026.05.18 · Effective May 18, 2026

Trepic is for people who love thoughtful travel. We want everyone — travelers, creators, suppliers, and our editorial community — to feel safe, respected, and welcome. These Community Guidelines describe what you can and can't share on Trepic's user-content surfaces (trip stories, reviews, photos, comments, group-trip messages, and creator posts).

These Guidelines are part of, and incorporated by reference into, the Trepic Terms of Service. Where they conflict with the Terms, the Terms control.

1. Be authentic

• One person, one account. Don't impersonate anyone — including a Trepic employee, an officer or director of Trepic, a supplier, a celebrity, or another traveler.
• No fake reviews. Don't post reviews for places you haven't visited, services you didn't experience, or trips you didn't take. We follow U.S. FTC endorsement guidelines.
• Disclose paid or incentivized content. If a supplier comped your stay, gave you a discount, or paid you, say so clearly and prominently in the post.
• Label AI content. If you used AI to generate or materially modify a photo, caption, or review, label it. We may automatically label or remove unlabeled AI-generated content.
• No synthetic media of real people. Don't generate or post AI-edited images, audio, or video of any real, identifiable person without their consent.

2. Safety first

• No harassment, bullying, or threats. Don't target individuals or groups with personal attacks, intimidation, sustained insults, or threats of harm.
• No doxing. Don't share another person's private information (home address, private phone, government ID, financial information, biometric data, undisclosed sexual orientation, undisclosed immigration status, real-world location of a minor) without their consent.
• No incitement of violence. Don't promote, glorify, or call for violence against any person, group, or place.
• No terrorism or violent-extremism content. Don't promote, glorify, or recruit for designated foreign terrorist organizations, organized hate groups, or violent extremist movements.
• No non-consensual intimate imagery ("NCII"). Don't share intimate images of any person without their consent — including AI-generated synthetic intimate imagery.
• No content that endangers life. Don't promote suicide, self-harm, eating disorders, or behaviors that meaningfully endanger life.

3. Hate has no place here

Don't attack people, or post content that dehumanizes people, based on protected characteristics: race, ethnicity, national origin, caste, religion, disability, age, gender, gender identity, sexual orientation, serious disease, immigration status, or veteran status.

4. Protect children — zero tolerance

This is the rule we hold the hardest.

• Never post content that sexualizes a minor, in any form, drawn or photographed, real or AI-generated.
• Never attempt to groom, solicit, or sexually communicate with a minor.
• Never attempt sextortion, including against an adult.
• Never post content depicting child abuse, trafficking, or exploitation.
• Don't post identifiable minors in commercial promotion, brand-partner posts, paid placements, or affiliate content without verified parental consent on file. You are responsible for compliance with COPPA, GDPR-K, and analogous laws.
• Don't share the real-world location of a minor (school, daily route, current location).

We report apparent child sexual exploitation to the U.S. National Center for Missing & Exploited Children ("NCMEC") under 18 U.S.C. § 2258A and to analogous authorities. Accounts associated with this content are terminated permanently and referred to law enforcement.

5. Don't use Trepic for illegal goods or harm

• No sale or facilitation of firearms, explosives, regulated weapons, illegal drugs, or regulated pharmaceuticals.
• No sale of stolen, counterfeit, or knock-off goods.
• No human-trafficking, smuggling, slavery, or commercial-sexual-exploitation content.
• No facilitation of wildlife trafficking or content that promotes dangerous, illegal, or cruel interactions with animals.

6. Respect intellectual property

Post only content you have the right to post. Don't upload someone else's photos, articles, video, music, or other work without permission or a valid license. We respond to DMCA and equivalent notices under our Copyright Policy. Repeated infringement leads to account termination.

7. No spam or platform manipulation

• No bulk-posting, brigading, or coordinated inauthentic behavior.
• No fake engagement, vote-farming, or review manipulation.
• No phishing, malware, scam links, or off-platform redirection to bypass bookings.
• No automated posting, scraping, or account creation. See § 4.1 of the Terms.

8. Don't spread harmful misinformation

Trepic is not the place for content that, if believed, could meaningfully cause real-world harm. Examples include:

• Medical misinformation that contradicts the consensus of public-health authorities and could cause physical harm (e.g., dangerous travel-medical or vaccine advice).
• Civic-integrity misinformation that misleads about the time, place, or manner of a public election.

We may label, downrank, or remove such content. We take particular care to avoid over-moderating good-faith commentary or satire.

9. How to report a violation

If you see something that violates these Guidelines, please report it:

• Use the in-product flag where available (on posts, reviews, photos, and comments).
• Email trust@trepic.co with a link, screenshot, and brief description.
• For copyright concerns, see DMCA & Copyright.
• For child-safety emergencies, also contact local law enforcement and (in the U.S.) the NCMEC CyberTipline at report.cybertip.org.

10. Enforcement

We may enforce these Guidelines through a graduated response, including:

1. Warning, in-product educational message, or content label.
2. Content removal, downranking, or geographic restriction.
3. Feature restriction (e.g., disabling messaging, commenting, or posting).
4. Temporary suspension.
5. Permanent account termination and, where applicable, referral to law enforcement.

Severity and pattern of violations determine the response. Some violations — including child sexual exploitation, credible threats of violence, terrorism content, NCII, and the sale of weapons or trafficking — result in immediate permanent termination.

11. Appeals

If you believe we removed your content or restricted your account in error, you may appeal by emailing trust@trepic.co within 30 days. We aim to respond within 10 business days. Where required by law (e.g., EU Digital Services Act), we provide a statement of reasons and an internal-complaint-handling channel.

12. Changes

We will update these Guidelines as the Service evolves. Material changes will be posted here with an updated effective date.

13. Contact

Trust & Safety: trust@trepic.co
Legal: legal@trepic.co
Copyright: copyright@trepic.co

DMCA & Copyright §

Version 2026.05.18 · Effective May 18, 2026

Trepic respects the intellectual-property rights of others and expects users to do the same. This section describes how to send Trepic a copyright complaint under the Digital Millennium Copyright Act (17 U.S.C. § 512), how to send a counter-notice, how trademark complaints are handled, and our repeat-infringer policy. It is part of, and incorporated by reference into, the Trepic Terms of Service.

1. How to send a copyright notice (DMCA § 512(c)(3))

If you believe content on the Services infringes your copyright, send a written notice to our designated agent containing the following. A defective notice may not be actionable.

1. Your physical or electronic signature.
2. Identification of the copyrighted work you claim has been infringed (or, for multiple works on the Services, a representative list).
3. Identification of the material claimed to be infringing and information reasonably sufficient to locate it (e.g., full URLs, screenshots, post IDs).
4. Your contact information: full legal name, mailing address, telephone, and email.
5. A statement that you have a good-faith belief that the use of the material is not authorized by the copyright owner, its agent, or the law.
6. A statement that the information in your notice is accurate, and, under penalty of perjury, that you are the owner of the copyright or are authorized to act on the owner's behalf.

1.1 Send your notice to:

Trepic, Inc.
Attn: DMCA Designated Agent
c/o the registered agent in Delaware (full address available on request)
Email: copyright@trepic.co

Email is the fastest channel; we monitor copyright@trepic.co on business days.

2. Counter-notices (DMCA § 512(g))

If we removed or disabled access to material in response to a DMCA notice and you believe the removal was a mistake or misidentification, you may submit a counter-notice including:

1. Your physical or electronic signature.
2. Identification of the material that was removed and the location at which it appeared before removal.
3. A statement, under penalty of perjury, that you have a good-faith belief the material was removed or disabled as a result of mistake or misidentification.
4. Your full legal name, address, and telephone number.
5. A statement that you consent to the jurisdiction of the U.S. District Court for the District of Delaware (or, if your address is outside the United States, any judicial district in which Trepic may be found) and that you will accept service of process from the original complainant or their agent.

Send counter-notices to copyright@trepic.co. We will forward valid counter-notices to the original complainant and may restore the material after 10–14 business days unless the complainant files an action seeking a court order.

3. Repeat-infringer policy (DMCA § 512(i))

Trepic maintains a policy, in appropriate circumstances, of disabling, suspending, or terminating accounts of users who are determined to be repeat infringers of intellectual-property rights. A user is generally treated as a repeat infringer after two or more substantiated notices within a rolling 12-month period, but a single egregious violation (e.g., posting an entire commercial work without license, or counterfeit branding) may result in immediate termination. Multiple accounts associated with a repeat infringer may also be terminated.

4. Misrepresentations (DMCA § 512(f))

Knowingly materially misrepresenting in a notice or counter-notice that material is infringing, or was removed by mistake, may subject you to liability for damages, including costs and attorneys' fees. We may report bad-faith notices and counter-notices to the appropriate authorities.

4.1 Designated agent registration — note for Crystal

The DMCA § 512(c) safe harbor requires Trepic, Inc. to register a designated agent with the U.S. Copyright Office Directory. Action item: confirm registration is current at copyright.gov/dmca-directory and that the contact details on file match the information shown above. Re-register every three years and after any change.

5. Trademark complaints

If you believe your trademark is being used in a way that infringes your rights — for example, counterfeit branding, unauthorized use of a logo, or a misleading impersonation — send a complaint to brand@trepic.co with the following:

1. The registered mark (jurisdiction, registration number, and goods or services).
2. Identification of the allegedly infringing use, with URLs or screenshots.
3. The basis for your good-faith belief (likelihood of confusion, false designation of origin, dilution, etc.).
4. Your contact information.
5. A statement, under penalty of perjury, that the information is accurate and that you are authorized to act on behalf of the trademark owner.

Trademark complaints can be more fact-intensive than copyright complaints (e.g., comparative reference, nominative fair use, and commentary may be permitted). We may consult counsel before acting.

6. International notice-and-action equivalents

Where applicable, we honor the notice-and-action regimes of the EU Digital Services Act, the UK Online Safety Act, and analogous laws. Use the same intake channels above.

7. Contact

Copyright (DMCA): copyright@trepic.co
Trademark: brand@trepic.co
General legal: legal@trepic.co

Tria AI Terms §

Version 2026.05.18 · Effective May 18, 2026

"Tria" is Trepic's AI itinerary planner. Tria uses one or more third-party large-language-model providers to interpret your prompt and generate suggestions for places to stay, things to do, and ways to spend a day. These Tria AI Terms tell you how Tria works, what you should rely on (and what you shouldn't), what you may and may not do with Tria, and who owns what.

1. What Tria does — and doesn't

• Tria generates suggestions based on your stated preferences and limited account context (home location, language, currency, party-size, prior trip themes).
• Tria does not book anything on its own. You always confirm a booking yourself before any payment is taken.
• Tria is not a licensed travel agent, financial advisor, medical professional, attorney, immigration consultant, or insurance broker. Its output is not professional advice.

2. Limitations you should know

Large-language models have well-documented limitations. Tria's output may:

• Be incorrect, incomplete, or out-of-date (including about prices, hours, requirements, and availability).
• Hallucinate — invent details, places, names, or facts.
• Reflect biases present in training data or upstream filtering decisions.
• Vary between sessions even with the same prompt.

You must independently verify any factual claim or requirement before relying on it. We particularly recommend verifying: visa, passport, and entry requirements; vaccination and health requirements; local laws and safety conditions; insurance coverage; weather and seasonality; and currency or banking constraints.

3. Acceptable use

You may use Tria to plan trips, generate inspiration, refine itineraries, get summaries of editorial content, and explore destinations. You may not use Tria, or any other Trepic AI feature, to:

• Generate or refine content prohibited by the Community Guidelines or § 4 of the Terms (including hate, harassment, NCII, terrorism content).
• Generate child sexual abuse material, sextortion content, content sexualizing or endangering minors, or content that grooms a minor — zero tolerance; reported to NCMEC under 18 U.S.C. § 2258A.
• Generate synthetic media (deepfakes) of any real, identifiable person without that person's affirmative consent.
• Generate election or civic-integrity disinformation that could meaningfully mislead voters, or public-health misinformation that could cause real-world harm.
• Generate fraud, scam, phishing, deceptive impersonation, or social-engineering content.
• Generate content that infringes intellectual-property rights of any third party (e.g., asking Tria to reproduce a copyrighted article verbatim).
• Extract, reverse-engineer, or reconstruct system prompts, retrieval indexes, training data, or model weights.
• Train, fine-tune, distill, evaluate, benchmark, or otherwise develop any machine-learning model or dataset using Tria's outputs or behavior, except as separately authorized in writing.
• Automate or programmatically abuse Tria's endpoints (e.g., scraping, parallelized inference at scale, or use through unauthorized clients).

We may suspend or terminate accounts for violations, and we cooperate with law enforcement where appropriate.

4. Output ownership

Subject to these Terms and to applicable law, you may use the itinerary suggestions Tria generates for your personal travel and may modify, annotate, share, and rely on them at your own risk. Trepic does not claim ownership in the textual suggestion you accept and personalize for your own use.

Copyright in pure AI output. Under current U.S. Copyright Office guidance, purely AI-generated output is not eligible for copyright protection without sufficient human authorship. You should not assert exclusive copyright in unmodified Tria output.

Other users' use. If you publish Tria output (e.g., as a trip story), other users may quote, reference, or build on it consistent with these Terms and the Community Guidelines.

5. How Tria uses your interactions

We may use your prompts, responses, ratings, edits, flags, and feedback signals (in de-identified or aggregated form where reasonably possible) to evaluate and improve Trepic's prompts, retrieval, safety filters, and the Service generally. Tria prompts and responses linked to your account are retained for up to 24 months for product improvement and abuse investigation; you can request earlier deletion at privacy@trepic.co.

No training of upstream models on your content. We require our upstream foundation-model providers, by contract and where commercially reasonable through zero-retention or short-retention configurations, not to use your personal content to train their underlying foundation models. We will update this notice if our posture changes.

6. Affiliate & commercial relationships

Tria may surface stays, experiences, or activities that are sourced through Trepic's commercial relationships (including affiliate partners), in addition to non-commercial editorial picks. Where a suggestion is monetized or driven by an affiliate relationship, we will indicate that in the itinerary or at the relevant suggestion. Affiliate relationships do not override Tria's stated preference-fit logic; we strive to keep recommendations honest.

7. AI-content labeling

If you take Tria output and publish it as your own User Content, you must label any AI-generated or materially AI-modified material clearly. We may automatically label, downrank, or remove unlabeled AI content that is likely to mislead a reasonable reader.

8. Safety and incident reporting

If you encounter an output you believe is harmful, unsafe, infringing, or violates these Tria AI Terms, please flag it in the Service or email trust@trepic.co. Security vulnerabilities — including prompt-injection or jailbreak findings — can be reported to security@trepic.co.

9. Disclaimers and liability

Tria is provided "as is" and "as available." To the maximum extent permitted by law, Trepic disclaims all warranties with respect to Tria, including warranties of accuracy, completeness, fitness for a particular purpose, and non-infringement. The disclaimers, liability cap, releases, and indemnification in §§ 9–11 of the Terms of Service apply equally to your use of Tria.

10. Changes

We will update these Tria AI Terms as the product and the underlying technology evolve. Material changes will be posted here with an updated effective date.

11. Contact

Trust & Safety: trust@trepic.co
Privacy: privacy@trepic.co
Security: security@trepic.co
Legal: legal@trepic.co

Trust & Safety §

Version 2026.05.18 · Effective May 18, 2026

Trepic exists to make travel more thoughtful — and our community is what makes that possible. This section summarizes how we protect people on Trepic: how we moderate content, how we protect children, how we keep reviews honest, how we handle AI-generated material, and how to report a problem. It works in tandem with our Community Guidelines and Terms of Service.

1. How we moderate content

Trepic uses a layered approach to moderate User Content (reviews, photos, trip stories, comments, group-trip messages, and creator posts):

• Automated detection for known categories of harm — including child-safety hash-matching, NCII detection where applicable, malware and phishing signals, spam patterns, fake-engagement signals, and basic policy classifiers.
• User reporting through in-product flags and trust@trepic.co.
• Human review by trained reviewers for ambiguous cases, escalations, and appeals. We avoid moderating in ways that suppress good-faith commentary, satire, or non-English-language content.
• Proactive sweeps in high-risk contexts (new accounts, viral posts, sensitive destinations).

2. Child safety

Child safety is non-negotiable. We:

• Set 18+ as the minimum age to book and create an account, and use a 13+ floor for editorial reading (16+ where required by GDPR).
• Do not knowingly collect personal information from children under the applicable age, and do not use any child's data for advertising, profiling, or targeting.
• Do not allow identifiable minors in commercial promotion, brand-partner posts, paid placements, or affiliate UGC without verified parental consent on file.
• Maintain a zero-tolerance policy for any content that sexualizes a minor, grooms a minor, depicts child abuse or exploitation, or attempts sextortion. Such content results in immediate, permanent termination.
• Use industry-standard child-safety detection (including, where applicable, perceptual-hash matching against known CSAM hash sets) on User Content surfaces.
• Report apparent child sexual exploitation to the U.S. National Center for Missing & Exploited Children ("NCMEC") under 18 U.S.C. § 2258A, and to analogous authorities (e.g., the UK Internet Watch Foundation, EU CSAM hotline network) where applicable.
• Cooperate with law enforcement through lawful process.

If you observe content that endangers a child, please report it immediately via trust@trepic.co and, for emergencies, to local law enforcement and the NCMEC CyberTipline at report.cybertip.org.

3. Authenticity (reviews and ratings)

• No fake reviews. Don't post reviews of places or services you haven't experienced.
• Disclose incentives. If you received a free stay, discount, or payment, disclose it in line with U.S. FTC endorsement guidelines.
• One person, one voice. Don't operate sockpuppet accounts to inflate, deflate, or manipulate ratings.
• No review-bombing. Coordinated brigades to harm a supplier (or to artificially praise one) are removed.
• We use review-fraud signals (account age, device patterns, language signals, off-platform coordination) to detect manipulation.

4. AI labeling

We require AI-generated or materially AI-modified User Content to be clearly labeled where it would otherwise mislead a reasonable reader. We may automatically label, downrank, or remove unlabeled AI content. We do not permit unlabeled synthetic media (deepfakes) of real, identifiable people. See Tria AI Terms.

5. Harassment, hate, and violence

We remove content that targets people with harassment, hate speech, threats, or incitement to violence; see the Community Guidelines. We protect public-interest commentary, criticism, journalism, and satire to the extent we reasonably can.

6. Cooperation with law enforcement

We respond to lawful subpoenas, search warrants, and analogous legal process from the United States and other jurisdictions consistent with applicable law. We may voluntarily disclose information where we believe in good faith that an emergency involving imminent danger of death or serious physical injury requires immediate disclosure. Law-enforcement inquiries: legal@trepic.co.

7. How to report

• In-product flag — on reviews, photos, posts, and comments.
• Trust & Safety email — trust@trepic.co with a link, screenshot, and brief description.
• Privacy concerns — privacy@trepic.co.
• Copyright/trademark — see DMCA & Copyright.
• Security vulnerabilities — security@trepic.co.
• Emergencies involving life or child safety — contact local emergency services and the NCMEC CyberTipline.

8. Enforcement and appeals

Actions range from a warning or label, to downranking, to feature restriction, to temporary suspension, to permanent termination. Severity and pattern of violations drive the response. Some categories — including child sexual exploitation, credible violent threats, terrorism content, NCII, and trafficking — result in immediate permanent termination.

If you believe we acted in error, email trust@trepic.co within 30 days. We aim to respond within 10 business days and to provide a statement of reasons where required (e.g., EU Digital Services Act).

9. Transparency

We intend to publish aggregate moderation statistics on a regular cadence as our community grows (categories of content removed, top reporting reasons, appeal-overturn rate). Specific metrics and publication schedule will be announced as the program matures.

10. Contact

Trust & Safety: trust@trepic.co
Privacy: privacy@trepic.co
Security: security@trepic.co
Legal: legal@trepic.co

Accessibility Statement §

Version 2026.05.18 · Effective May 18, 2026

Trepic believes travel inspiration and planning should be available to everyone. We are working to align our public sites and our trepic.app product with the Web Content Accessibility Guidelines (WCAG) 2.1 at Level AA, and to meet the spirit of the Americans with Disabilities Act, Section 508, the EU Web Accessibility Directive, and the European Accessibility Act.

1. What we do today

• Semantic HTML for the marketing site and editorial content.
• Visible focus states and keyboard navigation for primary flows.
• Text alternatives (alt text) for non-decorative imagery; decorative imagery marked accordingly.
• Sufficient color contrast for body text, in line with WCAG 1.4.3.
• Forms with labeled inputs, error messages, and inline validation.
• Scalable text using relative units that respect browser and OS zoom.
• Compatibility with current versions of major screen readers and mobile assistive technology, on a best-efforts basis.

2. Where we know we're not yet there

We are humble about the gaps that remain. Known limitations as of this version include:

• Some legacy editorial images on trepicstories.com lack rich alt text and are being backfilled.
• Some complex map and itinerary views on trepic.app are difficult to navigate with screen readers; we are redesigning these flows.
• Color contrast on a small number of secondary brand surfaces is being audited and adjusted.
• Captions and transcripts for video content are added on a best-effort basis and may be added retroactively.
• Third-party embedded content (e.g., supplier widgets, payment elements) is governed by the third party's own accessibility implementation; we work with vendors to drive improvement.

3. How to report an accessibility issue

If you encounter an accessibility barrier on any Trepic site or product, please tell us so we can fix it.

Email accessibility@trepic.co with:

• the URL or screen where you encountered the issue;
• a short description of the issue (and, if you're comfortable, what assistive technology you were using);
• what you were trying to do and what happened.

We aim to acknowledge accessibility reports within 2 business days and to provide a remediation plan or a workaround as soon as reasonably practicable. If a workaround is needed in the meantime, our team can help by phone or email.

4. Ongoing improvement

Accessibility is a continuous practice, not a one-time milestone. We commit to:

• periodic internal accessibility reviews of new and changed features;
• engaging an external accessibility consultant for an audit prior to material product launches;
• training engineers and designers on inclusive design fundamentals;
• updating this Statement as our compliance posture changes.

5. Contact

Accessibility: accessibility@trepic.co
Support: support@trepic.app
Legal: legal@trepic.co

California Privacy Notice §

Version 2026.05.18 · Effective May 18, 2026

This Notice supplements the Trepic Privacy Policy and applies solely to California residents. Terms used here have the meaning given to them under CCPA/CPRA.

1. Notice at Collection (CCPA § 1798.100(b))

At or before the point we collect personal information, we provide this Notice at Collection. We collect the following categories of personal information from California consumers and use them for the purposes shown. We retain each category for the periods described in § 8 of the Privacy Policy.

Sources of personal information. Directly from you; from your device or browser when you use the Services; from suppliers we engage on your behalf; from our payment processor; from referring users; and from third-party identity providers when you sign in with them.

Categories of third parties to whom we disclose for business purposes. Service providers in the categories listed in § 5.1 of the Privacy Policy; suppliers acting as independent controllers for the bookings you initiate; law-enforcement, regulators, and parties to legal process where required.

Retention. See § 8 of the Privacy Policy for category-by-category retention periods.

2. We do not sell or share personal information

Trepic does not sell personal information for monetary or other valuable consideration, and does not share personal information for cross-context behavioral advertising, as those terms are defined under CCPA/CPRA. We have not done so in the preceding 12 months.

We do not knowingly sell or share the personal information of consumers under the age of 16.

3. Your California rights

You have the right to:

• Know / access — the categories and specific pieces of personal information we have collected, the categories of sources, the purposes, the categories of third parties to whom it has been disclosed for a business purpose, and (if applicable) the categories of third parties to whom it has been sold or shared.
• Delete — personal information we have collected from you, subject to permitted exceptions (e.g., to complete a transaction, ensure security, comply with law).
• Correct — inaccurate personal information we maintain about you.
• Opt out of sale or sharing — we don't engage in either, but the right is preserved. You may also submit a request via § DNSMPI.
• Limit use and disclosure of Sensitive Personal Information — restrict our use of SPI to purposes permitted under CPRA § 1798.121(a).
• Non-discrimination — we will not deny service, charge different prices, or provide a different level of quality because you exercised any of these rights.
• Designate an authorized agent — to make a request on your behalf, subject to verification.

3.1 How to submit a request

Submit privacy requests to privacy@trepic.co with the subject line "California Privacy Request," or via the form at § DNSMPI. We verify identity by responding to the email on file and, where appropriate, by requesting additional information that matches what we already hold about you. We respond within 45 days (extendable by an additional 45 days where reasonably necessary, with notice).

3.2 Authorized agents

An authorized agent may submit a request on your behalf if you provide signed written authorization, or you have given the agent a power of attorney under Cal. Probate Code §§ 4000–4465. We may also require you to verify your identity directly with us.

3.3 Global Privacy Control

We honor the Global Privacy Control browser signal as a valid opt-out of sale or sharing for the browser-level data tied to that signal.

4. Notice of Financial Incentive (reserved)

Trepic does not currently offer financial incentives or price/service differences in exchange for the collection, retention, or sale of personal information within the meaning of CCPA § 1798.125. If we ever introduce such a program (for example, a loyalty or referral program that meets the legal definition), we will provide a separate Notice of Financial Incentive describing the material terms, the method of opting in and out, and our good-faith estimate of the value of the data.

5. California minors right of removal (Cal. Bus. & Prof. Code § 22581)

If you are a California resident under 18 and have posted content on the Services, you have the right to request removal of that content. Email privacy@trepic.co. Removal does not ensure complete or comprehensive removal of the content from the internet (for example, where another user has re-shared it).

6. "Shine the Light" (Cal. Civ. Code § 1798.83)

California residents may once per year request a notice describing what categories of personal information we shared with third parties for those third parties' direct-marketing purposes in the prior calendar year. We do not share personal information with third parties for their direct-marketing purposes. Submit Shine the Light requests to privacy@trepic.co.

7. Contact

Privacy: privacy@trepic.co
Data Protection Officer (EU/UK): dpo@trepic.co
Mail: Trepic, Inc., c/o the registered agent in Delaware (full address available on request).

Data Deletion Request §

Effective May 24, 2026 · For users who have linked TikTok or Instagram to Trepic

If you have linked your TikTok or Instagram account to Trepic — for example, as part of a creator tier application or to verify your follower count — this page is how you ask us to delete the data we collected through that link. You don't need a lawyer, and you don't need to justify the request. Pick the path that fits you and we'll take care of the rest.

1. What we delete

When you submit a data-deletion request, we permanently remove everything we stored in connection with your linked social account:

• OAuth credentials (access tokens, refresh tokens, and any scope grants we cached);
• The linked platform handle and platform user ID;
• Follower-count and engagement-rate snapshots we pulled to evaluate your tier application;
• Any cached profile metadata (display name, avatar URL, bio, account type) we received from the platform;
• Any background-job state tied to refreshing the link.

Internally these records live in our social_oauth_tokens and social_stats_snapshots tables. After deletion runs, no row tied to your linked social account remains in those tables.

2. How to request deletion

Three paths, fastest first:

A. From inside your Trepic account (instant)

Sign in to Trepic, go to Settings → Connected Accounts, and click Unlink next to the TikTok or Instagram entry. The unlink revokes the OAuth grant with the platform and triggers deletion of the records listed above. This is the fastest path and you'll see confirmation in-app.

B. Email (within 24 hours)

Email privacy@trepic.app with the subject line "Data Deletion Request — [your Trepic handle]". Include the platform you linked (TikTok or Instagram) and the handle on that platform so we can match the record. We'll confirm receipt and complete deletion within 24 hours.

C. If you're not signed in and don't have an account

If you authorized Trepic to read your TikTok or Instagram profile but never finished creating a Trepic account, email privacy@trepic.app with the subject line "Data Deletion Request — no account" and tell us the platform and handle you used. We'll locate any stranded OAuth record and delete it.

3. Timeline

4. What this page does not cover

A data-deletion request under this page removes the data we collected through your TikTok or Instagram link. It does not delete:

• Content you created natively inside Trepic — trips, itineraries, trip stories, journals, bookings, reviews, ratings, or messages;
• Posts you published within Trepic itself;
• Records we are required by law, tax regulation, or anti-fraud obligation to retain (e.g., booking and payment records under our Refund Policy and tax law);
• De-identified, aggregated analytics that can no longer be associated with you.

If you want to delete your entire Trepic account — every trip, story, booking, and review — that's a separate process. Email privacy@trepic.co with the subject "Account Deletion" and we'll walk you through it, including the records we're legally required to keep and the timeline for the rest. See also Privacy Policy for retention details.

5. Verification

For requests from path A (signed-in unlink) we trust the authenticated session. For requests from paths B and C (email) we may ask you to confirm the request from the email address on file, or to demonstrate control of the linked TikTok or Instagram handle (e.g., by posting a short verification phrase to the linked account's bio or by responding from the platform's messaging surface). Verification protects you from someone else asking us to delete your data.

6. Revoking on the platform side too

Deleting Trepic's copy of your data is one half of the loop. To also revoke Trepic's permission to read your profile on the platform, you can manage authorized apps directly:

• Instagram: Settings → Apps and Websites → Active → revoke "Trepic";
• TikTok: Settings and privacy → Security and login → Manage app permissions → revoke "Trepic".

Path A (in-app Unlink) does this for you automatically. Paths B and C delete Trepic's copy; you may still want to revoke on the platform side as belt-and-suspenders.

7. Contact

Questions about a data-deletion request, or about Trepic's privacy practices generally:
privacy@trepic.app (deletion requests, fastest)
privacy@trepic.co (general privacy inquiries, account-wide deletion)
Data Protection Officer (EU/UK): dpo@trepic.co